CVE-2007-2040

Name of the Vulnerable Software and Affected Versions Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points versions 4.0.x through 4.0.205.0 Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points versions prior to 3.2.185.0

Description The issue allows attackers with physical access to perform arbitrary actions on the device due to a hard-coded password. Additionally, the Cisco Wireless LAN Controller contains multiple vulnerabilities that could result in a denial of service condition, information disclosure, or access control list changes, or allow an attacker to gain full administrative access.

Recommendations For versions prior to 3.2.185.0, update to version 3.2.185.0 or later to address the hard-coded password issue. For versions 4.0.x through 4.0.205.0, update to version 4.0.206.0 or later to address the hard-coded password issue. As a temporary workaround, consider restricting physical access to the devices until a patch is available. Apply the free software made available by Cisco to address the vulnerabilities in the Cisco Wireless LAN Controller. Use the workarounds available to mitigate the effects of these vulnerabilities.