Executive Summary

TitleMultiple Vulnerabilities in the Cisco Wireless Control System
Namecisco-sa-20070412-wcsFirst vendor Publication2007-02-19
VendorCiscoLast vendor Modification2007-04-14
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score9Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores


The Cisco Wireless Control System (WCS) works in conjunction with Cisco Aironet Lightweight Access Points, Cisco Wireless LAN Controllers, and the Cisco Wireless Location Appliance by providing tools for wireless LAN planning and design, system configuration, location tracking, security monitoring, and wireless LAN management. Cisco WCS contains multiple vulnerabilities that can result in information disclosure, privilege escalation, and unauthorized access through fixed authentication credentials.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml

CPE : Common Platform Enumeration


Open Source Vulnerability Database (OSVDB)

34132Cisco Wireless Control System (WCS) Persistent FTP Backup Credentials
34131Cisco Wireless Control System (WCS) Direct Request Arbitrary File Access
34130Cisco Wireless Control System (WCS) Unspecified Remote Privilege Escalation
34129Cisco Wireless Control System (WCS) Arbitrary Config Page Access