PT-2007-6433 · Cisco · Ciscoworks Wireless Lan Solution Engine+1

Publicado

2007-10-12

Atualizado

2017-07-29

CVE-2007-5382

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: CiscoWorks Wireless LAN Solution Engine (WLSE) versions 4.1.91.0 and earlier

Description: The issue arises from the conversion utility used to migrate from CiscoWorks Wireless LAN Solution Engine (WLSE) to Cisco Wireless Control System (WCS), which creates administrator accounts with default usernames and passwords. This allows remote attackers to gain privileges.

Recommendations: For CiscoWorks Wireless LAN Solution Engine (WLSE) versions 4.1.91.0 and earlier, change the default administrator usernames and passwords created by the conversion utility to secure credentials as soon as possible after the migration to Cisco Wireless Control System (WCS).

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2007-5382

Produtos afetados

Cisco Wireless Control System

Ciscoworks Wireless Lan Solution Engine

PT-2007-6433 · Cisco · Ciscoworks Wireless Lan Solution Engine+1

CVE-2007-5382

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7