Executive Summary
| Summary | |
|---|---|
| Title | Multiple Vulnerabilities in the Cisco Wireless Control System |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20070412-wcs | First vendor Publication | 2007-02-19 |
| Vendor | Cisco | Last vendor Modification | 2007-04-14 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The Cisco Wireless Control System (WCS) works in conjunction with Cisco Aironet Lightweight Access Points, Cisco Wireless LAN Controllers, and the Cisco Wireless Location Appliance by providing tools for wireless LAN planning and design, system configuration, location tracking, security monitoring, and wireless LAN management. Cisco WCS contains multiple vulnerabilities that can result in information disclosure, privilege escalation, and unauthorized access through fixed authentication credentials. |
Original Source
| Url : http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Hardware | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 34132 | Cisco Wireless Control System (WCS) Persistent FTP Backup Credentials By default, Wireless Control System installs with a default FTP password, which cannot be changed or disabled. This allows attackers to trivially access the program or system. |
| 34131 | Cisco Wireless Control System (WCS) Direct Request Arbitrary File Access Wireless Control System contains a flaw that may lead to an unauthorized information disclosure. The issue is caused by the absence of password protection on several directories and files, which will disclose some configuration information resulting in a loss of confidentiality. |
| 34130 | Cisco Wireless Control System (WCS) Unspecified Remote Privilege Escalation Wireless Control System contains an unspecified flaw that may allow a malicious user to gain access to unauthorized privileges. The issue allows any valid user to escalate privileges to the SuperUser group, leading to a loss of integrity. |
| 34129 | Cisco Wireless Control System (WCS) Arbitrary Config Page Access Wireless Control System contains an unspecied flaw that may allow a malicious user to gain access to configuration information. This flaw may lead to a loss of confidentiality. |
