CVE-2007-4011

high

Description

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35576

http://www.vupen.com/english/advisories/2007/2636

http://www.securitytracker.com/id?1018444

http://www.securityfocus.com/bid/25043

http://www.cisco.com/en/US/products/products_security_advisory09186a008088ab28.shtml

http://secunia.com/advisories/26161

Details

Source: Mitre, NVD

Published: 2007-07-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.01033