Cisco Wireless Control System Insecure Password Vulnerability
BID:26000
Info
Cisco Wireless Control System Insecure Password Vulnerability
| Bugtraq ID: | 26000 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-5382 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 10 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Cisco Wireless Control System 4.1.91.0 |
| Not Vulnerable: |
Cisco Wireless Control System 4.2 |
Discussion
Cisco Wireless Control System Insecure Password Vulnerability
Cisco Wireless Control System is prone to a vulnerability that permits an attacker to gain unauthorized administrative access to the affected device. This issue occurs when the Cisco Wireless LAN Solution Engine (WLSE) uses a conversion utility to convert to the Cisco Wireless Control System (WCS). This issue is being tracked by Cisco Bug ID CSCsj71081
An attacker could exploit this issue to gain unauthorized administrative access to the affected device. Successfully exploiting this issue will result in the complete compromise of the affected device.
This issue affects Cisco Wireless Control System 4.1.91.0 and prior versions.
Cisco Wireless Control System is prone to a vulnerability that permits an attacker to gain unauthorized administrative access to the affected device. This issue occurs when the Cisco Wireless LAN Solution Engine (WLSE) uses a conversion utility to convert to the Cisco Wireless Control System (WCS). This issue is being tracked by Cisco Bug ID CSCsj71081
An attacker could exploit this issue to gain unauthorized administrative access to the affected device. Successfully exploiting this issue will result in the complete compromise of the affected device.
This issue affects Cisco Wireless Control System 4.1.91.0 and prior versions.
Exploit / POC
Cisco Wireless Control System Insecure Password Vulnerability
No specific exploit is required. An attacker simply has to log in to the device using the default Linux password.
No specific exploit is required. An attacker simply has to log in to the device using the default Linux password.
Solution / Fix
Cisco Wireless Control System Insecure Password Vulnerability
Solution:
The vendor has released Wireless Control System 4.2 to address this issue. Please see the references for more information.
Solution:
The vendor has released Wireless Control System 4.2 to address this issue. Please see the references for more information.
References
Cisco Wireless Control System Insecure Password Vulnerability
References:
References: