Vulnslist

find the latest Cisco vulnerabilities

Cisco Wireless Control System Conversion Utility Adds Default Password

cisco-sa-20071010-wcs · Critical · Published · Updated

Customers who use the CiscoWorks Wireless LAN Solution Engine (WLSE) may use a conversion utility to convert over to a Cisco Wireless Control System (WCS). This conversion utility creates and uses administrative accounts with default credentials. Because there is no requirement to change these credentials during the conversion process, an attacker may be able to leverage the accounts that have default credentials to take full administrative control of the WCS after the conversion has been completed. Customers who have converted their CiscoWorks WLSE to a Cisco WCS are advised to set strong passwords for all accounts on their Cisco WCS. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20071010-wcs.

Cisco advisory ·CSAF JSON

Workarounds

No workaround information imported yet.

CVEsCVE-2007-5382
Cisco Bug IDsNA
CVSS ScoreBase 10.0
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco Wireless Control System (WCS) Software

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2007-5382 Cisco OpenVuln
Cisco Application Centric Infrastructure Virtual Edge CVE-2007-5382 Cisco OpenVuln
CiscoWorks Wireless LAN Solution Engine (WLSE) CVE-2007-5382 Cisco OpenVuln
Cisco Wireless Control System (WCS) Software CVE-2007-5382 Cisco OpenVuln