cvelistv5 - cve-2007-5382

CVE-2007-5382 (GCVE-0-2007-5382)

Vulnerability from cvelistv5 – Published: 2007-10-12 01:00 – Updated: 2024-08-07 15:31

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/3456	vdb-entryx_refsource_VUPEN
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id?1018797	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/26000	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/37936	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:58.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-3456",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3456"
          },
          {
            "name": "20071010 Cisco Wireless Control System Conversion Utility Adds Default Password",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml"
          },
          {
            "name": "1018797",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018797"
          },
          {
            "name": "26000",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26000"
          },
          {
            "name": "ciscowcs-default-password-admin-account(37053)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37053"
          },
          {
            "name": "37936",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37936"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-3456",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3456"
        },
        {
          "name": "20071010 Cisco Wireless Control System Conversion Utility Adds Default Password",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml"
        },
        {
          "name": "1018797",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018797"
        },
        {
          "name": "26000",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26000"
        },
        {
          "name": "ciscowcs-default-password-admin-account(37053)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37053"
        },
        {
          "name": "37936",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37936"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5382",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-3456",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3456"
            },
            {
              "name": "20071010 Cisco Wireless Control System Conversion Utility Adds Default Password",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml"
            },
            {
              "name": "1018797",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018797"
            },
            {
              "name": "26000",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26000"
            },
            {
              "name": "ciscowcs-default-password-admin-account(37053)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37053"
            },
            {
              "name": "37936",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37936"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5382",
    "datePublished": "2007-10-12T01:00:00",
    "dateReserved": "2007-10-11T00:00:00",
    "dateUpdated": "2024-08-07T15:31:58.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:wireless_lan_solution_engine:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.1.91.0\", \"matchCriteriaId\": \"ACDCDB67-42FF-40D3-A308-04431B309496\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:wireless_control_system:4.1.91.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AA636D6-3DFB-45FD-BCC4-844C33523DE0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.\"}, {\"lang\": \"es\", \"value\": \"La utilidad de conversi\\u00f3n para converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 y versiones anteriores en Cisco Wireless Control System (WCS) crea cuentas de administrador con nombres y contrase\\u00f1as por defecto, lo cual permite a atacantes remotos obtener privilegios.\"}]",
      "id": "CVE-2007-5382",
      "lastModified": "2024-11-21T00:37:46.360",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-10-12T01:17:00.000",
      "references": "[{\"url\": \"http://osvdb.org/37936\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26000\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018797\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3456\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37053\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/37936\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26000\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018797\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3456\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37053\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5382\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-12T01:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.\"},{\"lang\":\"es\",\"value\":\"La utilidad de conversi\u00f3n para converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 y versiones anteriores en Cisco Wireless Control System (WCS) crea cuentas de administrador con nombres y contrase\u00f1as por defecto, lo cual permite a atacantes remotos obtener privilegios.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:wireless_lan_solution_engine:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.1.91.0\",\"matchCriteriaId\":\"ACDCDB67-42FF-40D3-A308-04431B309496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:wireless_control_system:4.1.91.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA636D6-3DFB-45FD-BCC4-844C33523DE0\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37936\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26000\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018797\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3456\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37053\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37936\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018797\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-441

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans l'utilitaire de conversion d'un CiscoWorks WLSE en un Cisco WCS permettrait à un individu malveillant de contourner le politique de sécurité.

Description

Une vulnérabilité dans l'utilitaire de conversion d'un CiscoWorks Wireless Solution Engine (WLSE) en un Cisco WCS permet à un attaquant de prendre le contrôle du Cisco WCS avec les droits d'administration après conversion. Cet utilitaire créé et utilise par défaut un compte avec des droits d'administration. L'absence d'obligation de modification de ce compte pendant le processus de conversion permettrait à un attaquant de prendre pleinement le contrôle du système après la conversion.

Solution

Se référer au bulletin de sécurité de Cisco pour l'obtention des correctifs (cf. section Documentation).

Tous les Cisco WCS convertis à partir de l'utilitaire de conversion CiscoWorks WLSE version 4.1.91.0 et les versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco SA-20071010-WCS du 10 octobre 2007	None	vendor-advisory
Bulletin de sécurité Cisco SA-20071010-WCS du 10 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eTous les Cisco WCS convertis \u00e0 partir  de l\u0027utilitaire de conversion CiscoWorks WLSE version 4.1.91.0 et  les versions ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans l\u0027utilitaire de conversion d\u0027un CiscoWorks\nWireless Solution Engine (WLSE) en un Cisco WCS permet \u00e0 un attaquant de\nprendre le contr\u00f4le du Cisco WCS avec les droits d\u0027administration apr\u00e8s\nconversion. Cet utilitaire cr\u00e9\u00e9 et utilise par d\u00e9faut un compte avec des\ndroits d\u0027administration. L\u0027absence d\u0027obligation de modification de ce\ncompte pendant le processus de conversion permettrait \u00e0 un attaquant de\nprendre pleinement le contr\u00f4le du syst\u00e8me apr\u00e8s la conversion.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de Cisco pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5382"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco SA-20071010-WCS du 10 octobre    2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071010-wcs.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-441",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027utilitaire de conversion d\u0027un CiscoWorks WLSE\nen un Cisco WCS permettrait \u00e0 un individu malveillant de contourner le\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Wireless Control System (WCS)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco SA-20071010-WCS du 10 octobre 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-441

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans l'utilitaire de conversion d'un CiscoWorks WLSE en un Cisco WCS permettrait à un individu malveillant de contourner le politique de sécurité.

Description

Solution

Se référer au bulletin de sécurité de Cisco pour l'obtention des correctifs (cf. section Documentation).

Tous les Cisco WCS convertis à partir de l'utilitaire de conversion CiscoWorks WLSE version 4.1.91.0 et les versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco SA-20071010-WCS du 10 octobre 2007	None	vendor-advisory
Bulletin de sécurité Cisco SA-20071010-WCS du 10 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eTous les Cisco WCS convertis \u00e0 partir  de l\u0027utilitaire de conversion CiscoWorks WLSE version 4.1.91.0 et  les versions ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans l\u0027utilitaire de conversion d\u0027un CiscoWorks\nWireless Solution Engine (WLSE) en un Cisco WCS permet \u00e0 un attaquant de\nprendre le contr\u00f4le du Cisco WCS avec les droits d\u0027administration apr\u00e8s\nconversion. Cet utilitaire cr\u00e9\u00e9 et utilise par d\u00e9faut un compte avec des\ndroits d\u0027administration. L\u0027absence d\u0027obligation de modification de ce\ncompte pendant le processus de conversion permettrait \u00e0 un attaquant de\nprendre pleinement le contr\u00f4le du syst\u00e8me apr\u00e8s la conversion.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de Cisco pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5382"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco SA-20071010-WCS du 10 octobre    2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071010-wcs.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-441",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027utilitaire de conversion d\u0027un CiscoWorks WLSE\nen un Cisco WCS permettrait \u00e0 un individu malveillant de contourner le\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Wireless Control System (WCS)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco SA-20071010-WCS du 10 octobre 2007",
      "url": null
    }
  ]
}

GHSA-R65M-P5H5-GWG7

Vulnerability from github – Published: 2022-05-01 18:32 – Updated: 2022-05-01 18:32

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5382"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-12T01:17:00Z",
    "severity": "HIGH"
  },
  "details": "The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.",
  "id": "GHSA-r65m-p5h5-gwg7",
  "modified": "2022-05-01T18:32:45Z",
  "published": "2022-05-01T18:32:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5382"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37053"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37936"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26000"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018797"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3456"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200710-0017

Vulnerability from variot - Updated: 2023-12-18 13:15

The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. Cisco Wireless Control System is prone to a vulnerability that permits an attacker to gain unauthorized administrative access to the affected device. This issue is being tracked by Cisco Bug ID CSCsj71081 An attacker could exploit this issue to gain unauthorized administrative access to the affected device. Successfully exploiting this issue will result in the complete compromise of the affected device. This issue affects Cisco Wireless Control System 4.1.91.0 and prior versions. Since there is no requirement to change these credentials during the transition, attackers can use these accounts with default credentials to gain full administrative control over WCS after transition

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200710-0017",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless control system",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "4.1.91.0"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1.91.0"
      },
      {
        "model": "wireless control system",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.1.91.0"
      },
      {
        "model": "ciscoworks wireless lan solution engine",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.1.91.0"
      },
      {
        "model": "wireless lan solution engine",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.1.91.0"
      },
      {
        "model": "wireless control system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26000"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002761"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-196"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:wireless_control_system:4.1.91.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.91.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5382"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-196"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-5382",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-5382",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-28744",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-5382",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200710-196",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-28744",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28744"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002761"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-196"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. Cisco Wireless Control System is prone to a vulnerability that permits an attacker to gain unauthorized administrative access to the affected device. This issue is being tracked by Cisco Bug ID CSCsj71081\nAn attacker could exploit this issue to gain unauthorized administrative access to the affected device. Successfully exploiting this issue will result in the complete compromise of the affected device. \nThis issue affects Cisco Wireless Control System 4.1.91.0 and prior versions. Since there is no requirement to change these credentials during the transition, attackers can use these accounts with default credentials to gain full administrative control over WCS after transition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5382"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002761"
      },
      {
        "db": "BID",
        "id": "26000"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28744"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-5382",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26000",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1018797",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "37936",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3456",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002761",
        "trust": 0.8
      },
      {
        "db": "CISCO",
        "id": "20071010 CISCO WIRELESS CONTROL SYSTEM CONVERSION UTILITY ADDS DEFAULT PASSWORD",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "37053",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-196",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-28744",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28744"
      },
      {
        "db": "BID",
        "id": "26000"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002761"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-196"
      }
    ]
  },
  "id": "VAR-200710-0017",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28744"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:15:40.245000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20071010-wcs",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/csa/cisco-sa-20071010-wcs.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002761"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28744"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002761"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5382"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26000"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00808d72db.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/37936"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018797"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/3456"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37053"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5382"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5382"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/3456"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/37053"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20071010-wcs.shtml"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28744"
      },
      {
        "db": "BID",
        "id": "26000"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002761"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-196"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-28744"
      },
      {
        "db": "BID",
        "id": "26000"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002761"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-196"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28744"
      },
      {
        "date": "2007-10-10T00:00:00",
        "db": "BID",
        "id": "26000"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002761"
      },
      {
        "date": "2007-10-12T01:17:00",
        "db": "NVD",
        "id": "CVE-2007-5382"
      },
      {
        "date": "2007-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-196"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28744"
      },
      {
        "date": "2015-05-07T17:35:00",
        "db": "BID",
        "id": "26000"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002761"
      },
      {
        "date": "2017-07-29T01:33:38.583000",
        "db": "NVD",
        "id": "CVE-2007-5382"
      },
      {
        "date": "2007-10-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-196"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-196"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CiscoWorks WLSE Vulnerabilities that can be obtained in a conversion utility that converts files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002761"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-196"
      }
    ],
    "trust": 0.6
  }
}

GSD-2007-5382

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5382

Aliases

CVE-2007-5382

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5382",
    "description": "The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.",
    "id": "GSD-2007-5382"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5382"
      ],
      "details": "The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.",
      "id": "GSD-2007-5382",
      "modified": "2023-12-13T01:21:41.293419Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5382",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-3456",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3456"
          },
          {
            "name": "20071010 Cisco Wireless Control System Conversion Utility Adds Default Password",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml"
          },
          {
            "name": "1018797",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018797"
          },
          {
            "name": "26000",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26000"
          },
          {
            "name": "ciscowcs-default-password-admin-account(37053)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37053"
          },
          {
            "name": "37936",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37936"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:wireless_control_system:4.1.91.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.91.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5382"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071010 Cisco Wireless Control System Conversion Utility Adds Default Password",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml"
            },
            {
              "name": "26000",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26000"
            },
            {
              "name": "1018797",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018797"
            },
            {
              "name": "37936",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37936"
            },
            {
              "name": "ADV-2007-3456",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3456"
            },
            {
              "name": "ciscowcs-default-password-admin-account(37053)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37053"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-10-12T01:17Z"
    }
  }
}

FKIE_CVE-2007-5382

Vulnerability from fkie_nvd - Published: 2007-10-12 01:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://osvdb.org/37936
	cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml
	cve@mitre.org	http://www.securityfocus.com/bid/26000
	cve@mitre.org	http://www.securitytracker.com/id?1018797
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/3456
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/37053
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37936
	af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26000
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018797
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3456
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/37053

Impacted products

	Vendor	Product	Version
	cisco	wireless_lan_solution_engine	*
	cisco	wireless_control_system	4.1.91.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACDCDB67-42FF-40D3-A308-04431B309496",
              "versionEndIncluding": "4.1.91.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:wireless_control_system:4.1.91.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA636D6-3DFB-45FD-BCC4-844C33523DE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges."
    },
    {
      "lang": "es",
      "value": "La utilidad de conversi\u00f3n para converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 y versiones anteriores en Cisco Wireless Control System (WCS) crea cuentas de administrador con nombres y contrase\u00f1as por defecto, lo cual permite a atacantes remotos obtener privilegios."
    }
  ],
  "id": "CVE-2007-5382",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-12T01:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37936"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26000"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018797"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3456"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37053"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5382 (GCVE-0-2007-5382)

CERTA-2007-AVI-441

Description

Solution

CERTA-2007-AVI-441

Description

Solution

GHSA-R65M-P5H5-GWG7

VAR-200710-0017

GSD-2007-5382

FKIE_CVE-2007-5382

Tags

Sightings

Nomenclature