CVE-2005-3482
CVSS 5.0
Published: 2005-11-02 21:02:00
Last modified: 2011-03-07 21:26:35

[Original] Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host.


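[CNNVD] Cisco Airespace Wireless LAN Controllers Allow Unencrypted Network Access Vulnerability (CNNVD-200511-085)

        The Cisco Airespace Wireless LAN Controller is a lightweight wireless network access device.
        LWAPP is an open protocol for managing access points. In this mode of operation, the WLAN controller system creates and enforces policies across multiple lightweight access points, and all functions required for WLAN operation are controlled centrally by the WLAN controller. Even when encrypted communication is configured, Cisco 1200, 1131 and 1240 series access points controlled by a 2000 or 4400 WLAN controller in LWAPP mode still accept unencrypted traffic from end hosts. This traffic must originate from the MAC address of a legitimate, already authenticated end host. An attacker can exploit this vulnerability to send malicious traffic to a secure network. Legitimate end hosts can still communicate with the access point in encrypted form. Only access points running in LWAPP mode are affected by this vulnerability; access points running in autonomous mode are not affected.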
        

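- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]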

- CPE (Affected Platforms and Products)

cpe:/h:cisco:aironet_ap1240  Cisco AP1240
cpe:/h:cisco:aironet_ap1200  Cisco Aironet 1200
cpe:/h:cisco:aironet_ap1131  Cisco AP1131

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3482
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3482
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-085
(Official data source) CNNVD

- Other Links and Resources

http://www.cisco.com/warp/public/707/cisco-sa-20051102-lwapp.shtml
(VENDOR_ADVISORY)  CISCO  20051102 Cisco Airespace Wireless LAN Controllers Allow Unencrypted Network Access
http://www.vupen.com/english/advisories/2005/2278
(UNKNOWN)  VUPEN  ADV-2005-2278
http://www.securityfocus.com/bid/15272
(UNKNOWN)  BID  15272
http://www.osvdb.org/20454
(UNKNOWN)  OSVDB  20454
http://securitytracker.com/id?1015140
(UNKNOWN)  SECTRACK  1015140
http://secunia.com/advisories/17406
(UNKNOWN)  SECUNIA  17406
http://securityreason.com/securityalert/139
(UNKNOWN)  SREASON  139

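- Vulnerability Information

Cisco Airespace Wireless LAN Controllers Allow Unencrypted Network Access Vulnerability
Medium risk  Access validation error
2005-11-02 00:00:00 2006-06-12 00:00:00
Remote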

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. Patch links:
        http://www.cisco.com/warp/public/707/cisco-sa-20051102-lwapp.shtml
        http://www.cisco.com/pcgi-bin/tablebuild.pl/2000_series_Wireless_LAN_controller
        http://www.cisco.com/pcgi-bin/tablebuild.pl/4400_series_Wireless_LAN_controller

- Vulnerability Information

20454
Cisco Wireless LWAPP Mode MAC Spoofing Encryption Bypass
Remote / Network Access, Wireless Vector Cryptographic
Loss of Integrity

- Vulnerability Description

Cisco Aironet Series Access Points controlled by Airespace Wireless LAN (WLAN) Controllers contain a flaw that may allow a malicious user to bypass certain security restrictions. The issue is due to an error in Cisco Access Points operating in Lightweight Access Point Protocol (LWAPP) mode that accepts unencrypted traffic from end hosts even when configured to encrypt traffic. It is possible that the flaw may allow unauthenticated end hosts to send unencrypted traffic to a secure network by sending frames from the Media Access Control (MAC) address of an already authenticated end host resulting in a loss of integrity.

- Timeline

2005-11-02 2005-11-02
Unknown Unknown

- Solution

Upgrade to version 3.1.105.0 or higher of the Airespace Wireless LAN (WLAN) Controller, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

Unknown or Incomplete
 

 
