Executive Summary

Title Multiple Vulnerabilities in the Cisco Wireless Control System
Name cisco-sa-20070412-wcs First vendor Publication 2007-02-19
Vendor Cisco Last vendor Modification 2007-04-14
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores


The Cisco Wireless Control System (WCS) works in conjunction with Cisco Aironet Lightweight Access Points, Cisco Wireless LAN Controllers, and the Cisco Wireless Location Appliance by providing tools for wireless LAN planning and design, system configuration, location tracking, security monitoring, and wireless LAN management. Cisco WCS contains multiple vulnerabilities that can result in information disclosure, privilege escalation, and unauthorized access through fixed authentication credentials.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml

CPE : Common Platform Enumeration


Open Source Vulnerability Database (OSVDB)

34132Cisco Wireless Control System (WCS) Persistent FTP Backup Credentials
34131Cisco Wireless Control System (WCS) Direct Request Arbitrary File Access
34130Cisco Wireless Control System (WCS) Unspecified Remote Privilege Escalation
34129Cisco Wireless Control System (WCS) Arbitrary Config Page Access