Info

Disclosure

Jun 28, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

By default, Wireless Control System installs with a default password. The "root" account has a password of "public" which is publicly known and documented. This allows attackers to trivially access the program or system.

Classification

Location: Remote / Network Access, Wireless Vector
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Change the root password.

Products

Cisco Systems, Inc.	Wireless Control System	3.1(33)
		3.2(23)
		3.2(25)
		3.2(40)
		3.2(51)
		4.0(1)

References

Security Tracker: 1016398
Bugtraq ID: 18701
CVE ID: 2006-3287 (see also: NVD)
Secunia Advisory ID: 20870
Related OSVDB ID: 26880 26881 26883 26884
ISS X-Force ID: 27439
VUPEN Advisory: ADV-2006-2583
Keyword: CSCse21391
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0783.html
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/26882

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

Wireless Control System

References

Credit