VAR-200710-0017
Vulnerability from variot - Updated: 2023-12-18 13:15The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. Cisco Wireless Control System is prone to a vulnerability that permits an attacker to gain unauthorized administrative access to the affected device. This issue is being tracked by Cisco Bug ID CSCsj71081 An attacker could exploit this issue to gain unauthorized administrative access to the affected device. Successfully exploiting this issue will result in the complete compromise of the affected device. This issue affects Cisco Wireless Control System 4.1.91.0 and prior versions. Since there is no requirement to change these credentials during the transition, attackers can use these accounts with default credentials to gain full administrative control over WCS after transition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200710-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless control system",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "4.1.91.0"
},
{
"model": "wireless lan solution engine",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.91.0"
},
{
"model": "wireless control system",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "4.1.91.0"
},
{
"model": "ciscoworks wireless lan solution engine",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "4.1.91.0"
},
{
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1.91.0"
},
{
"model": "wireless control system",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
}
],
"sources": [
{
"db": "BID",
"id": "26000"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002761"
},
{
"db": "NVD",
"id": "CVE-2007-5382"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-196"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wireless_control_system:4.1.91.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:wireless_lan_solution_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.1.91.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5382"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Security bulletin",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-196"
}
],
"trust": 0.6
},
"cve": "CVE-2007-5382",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-5382",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-28744",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-5382",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200710-196",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-28744",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28744"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002761"
},
{
"db": "NVD",
"id": "CVE-2007-5382"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. Cisco Wireless Control System is prone to a vulnerability that permits an attacker to gain unauthorized administrative access to the affected device. This issue is being tracked by Cisco Bug ID CSCsj71081\nAn attacker could exploit this issue to gain unauthorized administrative access to the affected device. Successfully exploiting this issue will result in the complete compromise of the affected device. \nThis issue affects Cisco Wireless Control System 4.1.91.0 and prior versions. Since there is no requirement to change these credentials during the transition, attackers can use these accounts with default credentials to gain full administrative control over WCS after transition",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5382"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002761"
},
{
"db": "BID",
"id": "26000"
},
{
"db": "VULHUB",
"id": "VHN-28744"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5382",
"trust": 2.8
},
{
"db": "BID",
"id": "26000",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1018797",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "37936",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3456",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002761",
"trust": 0.8
},
{
"db": "CISCO",
"id": "20071010 CISCO WIRELESS CONTROL SYSTEM CONVERSION UTILITY ADDS DEFAULT PASSWORD",
"trust": 0.6
},
{
"db": "XF",
"id": "37053",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200710-196",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-28744",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28744"
},
{
"db": "BID",
"id": "26000"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002761"
},
{
"db": "NVD",
"id": "CVE-2007-5382"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-196"
}
]
},
"id": "VAR-200710-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28744"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:15:40.245000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20071010-wcs",
"trust": 0.8,
"url": "http://www.cisco.com/en/us/products/csa/cisco-sa-20071010-wcs.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28744"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002761"
},
{
"db": "NVD",
"id": "CVE-2007-5382"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/26000"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00808d72db.shtml"
},
{
"trust": 1.7,
"url": "http://osvdb.org/37936"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018797"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/3456"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37053"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5382"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5382"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/3456"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/37053"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20071010-wcs.shtml"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28744"
},
{
"db": "BID",
"id": "26000"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002761"
},
{
"db": "NVD",
"id": "CVE-2007-5382"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28744"
},
{
"db": "BID",
"id": "26000"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002761"
},
{
"db": "NVD",
"id": "CVE-2007-5382"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-28744"
},
{
"date": "2007-10-10T00:00:00",
"db": "BID",
"id": "26000"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002761"
},
{
"date": "2007-10-12T01:17:00",
"db": "NVD",
"id": "CVE-2007-5382"
},
{
"date": "2007-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-28744"
},
{
"date": "2015-05-07T17:35:00",
"db": "BID",
"id": "26000"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002761"
},
{
"date": "2017-07-29T01:33:38.583000",
"db": "NVD",
"id": "CVE-2007-5382"
},
{
"date": "2007-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-196"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CiscoWorks WLSE Vulnerabilities that can be obtained in a conversion utility that converts files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002761"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-196"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…