CVE-2007-5382
published 2007-10-12CVE-2007-5382: The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates…
PriorityP346critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
2.57%
83.2th percentile
The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | wireless_control_system | — | — |
| cisco | wireless_control_system_conversion_utility_adds_default_password | — | — |
| cisco | wireless_lan_solution_engine | <= 4.1.91.0 | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Wireless Control System Conversion Utility Adds Default Password
vendor_cisco·2007-10-10·CVSS 10.0
CVE-2007-5382 [CRITICAL] Cisco Wireless Control System Conversion Utility Adds Default Password
Cisco Wireless Control System Conversion Utility Adds Default Password
Customers who use the CiscoWorks Wireless LAN Solution Engine (WLSE)
may use a conversion utility to convert over to a Cisco Wireless Control System
(WCS). This conversion utility creates and uses administrative accounts with
default credentials. Because there is no requirement to change these
credentials during the conversion process, an attacker may be able to leverage
the accounts that have default credentials to take full administrative control
of the WCS after the conversion has been completed.
Customers who have converted their CiscoWorks WLSE to a Cisco WCS are
advised to set strong passwords for all accounts on their Cisco WCS.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/C
Cisco
Cisco Wireless Control System Conversion Utility Adds Default Password
vendor_cisco
CVE-2007-5382 Cisco Wireless Control System Conversion Utility Adds Default Password
CVE-2007-5382: Cisco Wireless Control System Conversion Utility Adds Default Password
Customers who use the CiscoWorks Wireless LAN Solution Engine (WLSE) may use a conversion utility to convert over to a Cisco Wireless Control System (WCS). This conversion utility creates and uses administrative accounts with default credentials. Because there is no requirement to change these credentials during the conversion process, an attacker may be able to leverage the accounts that have default credentials to take full administrative control of the WCS after the conversion has been completed. Customers who have converted their CiscoWorks WLSE to a Cisco WCS are advised to set strong passwords for all accounts on their Cisco WCS. This advisory is posted at https://sec.cloudapps.cisco.com/security/ce
GHSA
GHSA-r65m-p5h5-gwg7: The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4
ghsa_unreviewed·2022-05-01
CVE-2007-5382 [HIGH] GHSA-r65m-p5h5-gwg7: The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4
The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/37936http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtmlhttp://www.securityfocus.com/bid/26000http://www.securitytracker.com/id?1018797http://www.vupen.com/english/advisories/2007/3456https://exchange.xforce.ibmcloud.com/vulnerabilities/37053http://osvdb.org/37936http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtmlhttp://www.securityfocus.com/bid/26000http://www.securitytracker.com/id?1018797http://www.vupen.com/english/advisories/2007/3456https://exchange.xforce.ibmcloud.com/vulnerabilities/37053
2007-10-12
Published