CVE-2005-3253

Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf
http://secunia.com/advisories/18047	Patch Vendor Advisory
http://secunia.com/advisories/18057
http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf	Patch Vendor Advisory
http://www.osvdb.org/22091
http://www.vupen.com/english/advisories/2005/2931
http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf
http://secunia.com/advisories/18047	Patch Vendor Advisory
http://secunia.com/advisories/18057
http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf	Patch Vendor Advisory
http://www.osvdb.org/22091
http://www.vupen.com/english/advisories/2005/2931

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:avaya:wireless_ap-3:2.5:::::::*
	cpe:2.3:a:avaya:wireless_ap-3:2.5.4:::::::*
	cpe:2.3:a:avaya:wireless_ap-4:2.5:::::::*
	cpe:2.3:a:avaya:wireless_ap-4:2.5.4:::::::*
	cpe:2.3:a:avaya:wireless_ap-5:2.5:::::::*
	cpe:2.3:a:avaya:wireless_ap-5:2.5.4:::::::*
	cpe:2.3:a:avaya:wireless_ap-6:2.5:::::::*
	cpe:2.3:a:avaya:wireless_ap-6:2.5.4:::::::*
	cpe:2.3:a:avaya:wireless_ap-7:2.5:::::::*
	cpe:2.3:a:avaya:wireless_ap-8:2.5:::::::*

Configuration 2 (hide)

OR	cpe:2.3:h:proxim:ap-2000:2.5.4:::::::*
	cpe:2.3:h:proxim:ap-4000:2.4.12:::::::*
	cpe:2.3:h:proxim:ap-4000:3.0:::::::*
	cpe:2.3:h:proxim:ap-600:2.5.4:::::::*
	cpe:2.3:h:proxim:ap-700:2.4.12:::::::*
	cpe:2.3:h:proxim:ap-700:3.0:::::::*

History

21 Nov 2024, 00:01

Type	Values Removed	Values Added
References	~~() http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf -~~	() http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf -
References	~~() http://secunia.com/advisories/18047 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/18047 - Patch, Vendor Advisory
References	~~() http://secunia.com/advisories/18057 -~~	() http://secunia.com/advisories/18057 -
References	~~() http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf - Patch, Vendor Advisory~~	() http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf - Patch, Vendor Advisory
References	~~() http://www.osvdb.org/22091 -~~	() http://www.osvdb.org/22091 -
References	~~() http://www.vupen.com/english/advisories/2005/2931 -~~	() http://www.vupen.com/english/advisories/2005/2931 -

Information

Published : 2005-12-16 11:03

Updated : 2025-04-03 01:03

NVD link : CVE-2005-3253

Mitre link : CVE-2005-3253

CVE.ORG link : CVE-2005-3253

JSON object : View

Products Affected

avaya

wireless_ap-4
wireless_ap-3
wireless_ap-8
wireless_ap-6
wireless_ap-7
wireless_ap-5

proxim

ap-2000
ap-4000
ap-700
ap-600

CWE

NVD-CWE-Other

{"id": "CVE-2005-3253", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-16T11:03:00.000", "references": [{"url": "http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18047", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18057", "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22091", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2005/2931", "source": "cve@mitre.org"}, {"url": "http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/18047", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/18057", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/22091", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2005/2931", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of \"12345\", which allows remote attackers to bypass authentication."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:wireless_ap-3:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE41CF27-432E-4A11-A804-954195538FB4"}, {"criteria": "cpe:2.3:a:avaya:wireless_ap-3:2.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF5C425E-F670-4DEF-B532-07D8DC66E8CF"}, {"criteria": "cpe:2.3:a:avaya:wireless_ap-4:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1485FB74-AD78-40B4-8183-63B11BF27249"}, {"criteria": "cpe:2.3:a:avaya:wireless_ap-4:2.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92381317-38CE-4B56-B3AC-4465A351EDD5"}, {"criteria": "cpe:2.3:a:avaya:wireless_ap-5:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF560B1A-F41F-4EDE-9172-60AD80EBF9E2"}, {"criteria": "cpe:2.3:a:avaya:wireless_ap-5:2.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7307F22-DB94-4DE4-8873-6A6CA791213C"}, {"criteria": "cpe:2.3:a:avaya:wireless_ap-6:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D95A1268-ECCF-4AC0-BD14-2D0B9172AEE3"}, {"criteria": "cpe:2.3:a:avaya:wireless_ap-6:2.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B95082B7-7B8D-4A7E-9506-592E2399287B"}, {"criteria": "cpe:2.3:a:avaya:wireless_ap-7:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABF3A01B-17E5-4683-8EAC-0E174473A5A6"}, {"criteria": "cpe:2.3:a:avaya:wireless_ap-8:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA452029-2FB7-4B84-9DDC-84A3007650CF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:proxim:ap-2000:2.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DD83FFB-8EE9-4551-B36C-4D7CF68EFF29"}, {"criteria": "cpe:2.3:h:proxim:ap-4000:2.4.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C41ED996-F360-4CC6-9916-EEE454BC5E25"}, {"criteria": "cpe:2.3:h:proxim:ap-4000:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7235EE55-1513-45DE-A5A8-E60A0192C35C"}, {"criteria": "cpe:2.3:h:proxim:ap-600:2.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B336E98-6E84-41CA-8EF2-2E8D67B9B247"}, {"criteria": "cpe:2.3:h:proxim:ap-700:2.4.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A1BE5EA-F7B6-4A4D-A527-DFD074B37D28"}, {"criteria": "cpe:2.3:h:proxim:ap-700:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08771AE2-6096-4268-A0A8-28041ED49D48"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10