CVE-2007-4011
First published: Thu Jul 26 2007(Updated: )
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco 4100 Wireless LAN Controller | ||
| Cisco 4400 Wireless LAN Controller | ||
| Cisco Airespace 4000 Wireless LAN Controller | ||
| Cisco Catalyst 3750 Series | ||
| Cisco Catalyst 6500-E | ||
| Cisco Wireless LAN Controller software 7.1 | =3.2 | |
| Cisco Wireless LAN Controller software 7.1 | =3.2.116.21 | |
| Cisco Wireless LAN Controller software 7.1 | =4.0 | |
| Cisco Wireless LAN Controller software 7.1 | =4.0.155.0 | |
| Cisco Wireless LAN Controller software 7.1 | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a008088ab28.shtml
- http://www.securityfocus.com/bid/25043
- http://secunia.com/advisories/26161
- http://www.securitytracker.com/id?1018444
- http://www.vupen.com/english/advisories/2007/2636
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35576
Frequently Asked Questions
What is the severity of CVE-2007-4011?
CVE-2007-4011 is classified as a high severity vulnerability as it allows remote attackers to cause a denial of service.
How do I fix CVE-2007-4011?
To fix CVE-2007-4011, upgrade the Cisco Wireless LAN Controller software to the recommended versions 3.2 20070727, 4.0 20070727, or 4.1.180.0 or later.
What devices are affected by CVE-2007-4011?
CVE-2007-4011 affects Cisco 4100, 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controllers running vulnerable software versions.
What type of attack does CVE-2007-4011 facilitate?
CVE-2007-4011 can facilitate a denial of service attack through traffic amplification or ARP storm via crafted unicast ARP requests.
What is the impact of CVE-2007-4011 on networks?
The impact of CVE-2007-4011 on networks can result in significant service disruption due to the denial of service conditions it introduces.
- collector/nvd-historical
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco 4100 wireless lan controller
- canonical/cisco 4400 wireless lan controller
- canonical/cisco airespace 4000 wireless lan controller
- canonical/cisco catalyst 3750 series
- canonical/cisco catalyst 6500-e
- canonical/cisco wireless lan controller software 7.1
- version/cisco wireless lan controller software 7.1/3.2
- version/cisco wireless lan controller software 7.1/3.2.116.21
- version/cisco wireless lan controller software 7.1/4.0
- version/cisco wireless lan controller software 7.1/4.0.155.0
- version/cisco wireless lan controller software 7.1/4.1