cisco-sa-20070412-wcs

Executive Summary

Summary
Title	Multiple Vulnerabilities in the Cisco Wireless Control System

Informations
Name	cisco-sa-20070412-wcs	First vendor Publication	2007-02-19
Vendor	Cisco	Last vendor Modification	2007-04-14
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score	9	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	8	Authentification	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

The Cisco Wireless Control System (WCS) works in conjunction with Cisco Aironet Lightweight Access Points, Cisco Wireless LAN Controllers, and the Cisco Wireless Location Appliance by providing tools for wireless LAN planning and design, system configuration, location tracking, security monitoring, and wireless LAN management. Cisco WCS contains multiple vulnerabilities that can result in information disclosure, privilege escalation, and unauthorized access through fixed authentication credentials.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml

CPE : Common Platform Enumeration

Type	Description	Count
Hardware	Cisco Wireless Control System cpe:/h:cisco:wireless_control_system:4.0.95 cpe:/h:cisco:wireless_control_system:4.0	2

Open Source Vulnerability Database (OSVDB)

id	Description
34132	Cisco Wireless Control System (WCS) Persistent FTP Backup Credentials
34131	Cisco Wireless Control System (WCS) Direct Request Arbitrary File Access
34130	Cisco Wireless Control System (WCS) Unspecified Remote Privilege Escalation
34129	Cisco Wireless Control System (WCS) Arbitrary Config Page Access