PT-2007-6433 · Cisco · Ciscoworks Wireless Lan Solution Engine+1

Published

2007-10-12

Updated

2017-07-29

CVE-2007-5382

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: CiscoWorks Wireless LAN Solution Engine (WLSE) versions 4.1.91.0 and earlier

Description: The issue arises from the conversion utility used to migrate from CiscoWorks Wireless LAN Solution Engine (WLSE) to Cisco Wireless Control System (WCS), which creates administrator accounts with default usernames and passwords. This allows remote attackers to gain privileges.

Recommendations: For CiscoWorks Wireless LAN Solution Engine (WLSE) versions 4.1.91.0 and earlier, change the default administrator usernames and passwords created by the conversion utility to secure credentials as soon as possible after the migration to Cisco Wireless Control System (WCS).

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2007-5382

Affected Products

Cisco Wireless Control System

Ciscoworks Wireless Lan Solution Engine

PT-2007-6433 · Cisco · Ciscoworks Wireless Lan Solution Engine+1

CVE-2007-5382

Weakness Enumeration

Related Identifiers

Affected Products

References · 7