what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 20870

Secunia Security Advisory 20870
Posted Jun 29, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities and a security issue have been reported in Cisco Wireless Control System (WCS), which can be exploited by malicious, local users to gain knowledge of sensitive information, and by malicious people to gain knowledge of sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions and potentially compromise a vulnerable system.

tags | advisory, local, vulnerability, xss
systems | cisco
SHA-256 | 657a0de0a33b0b5bf8181d65d907bcf3202f9c42c340715e23ccfdbee1391bd4

Secunia Security Advisory 20870

Change Mirror Download


----------------------------------------------------------------------

Reverse Engineer Wanted

Secunia offers a Security Specialist position with emphasis on
reverse engineering of software and exploit code, auditing of
source code, and analysis of vulnerability reports.

http://secunia.com/secunia_security_specialist/

----------------------------------------------------------------------

TITLE:
Cisco Wireless Control System Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA20870

VERIFY ADVISORY:
http://secunia.com/advisories/20870/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, System access

WHERE:
>From remote

SOFTWARE:
Cisco Wireless Control System (WCS) 1.x
http://secunia.com/product/6332/

DESCRIPTION:
Some vulnerabilities and a security issue have been reported in Cisco
Wireless Control System (WCS), which can be exploited by malicious,
local users to gain knowledge of sensitive information, and by
malicious people to gain knowledge of sensitive information, conduct
cross-site scripting attacks, bypass certain security restrictions
and potentially compromise a vulnerable system.

1) An undocumented username and hard-coded password exists in the
WCS. This can be exploited to connect to the WCS internal database
and to gain access to the configuration information of managed
wireless access points.

The security issue has been reported in WCS for Linux and Windows
3.2(40) and prior.

2) Undocumented database username and password are stored in clear
text in several WCS files. This can potentially be exploited by local
users to gain knowledge of the user credentials and to gain access to
the database.

The vulnerability has been reported in WCS for Linux and Windows
3.2(51) and prior.

3) An error within the internal TFTP server allows reading from or
writing to arbitrary locations in the filesystem of a WCS system.

Successful exploitation requires that the configured root directory
of the TFTP server contains a space character.

The vulnerability has been reported in WCS for Linux and Windows
3.2(51) and prior.

4) Input passed to the unspecified parameter in login page is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

The vulnerability has been reported in WCS for Linux and Windows
3.2(51) and prior.

5) An access control error within the WCS HTTP server can be
exploited to gain access to certain directories, which may contain
sensitive information like WCS usernames and directory paths.

The vulnerability has been reported in WCS for Linux and Windows
3.2(51) and prior.

Note: It has also been reported that WCS for Linux and Windows 4.0(1)
and prior are installed with a default administrator username root,
with a default password of public.

SOLUTION:
Update to WCS for Linux and Windows 3.2(63) or later.
http://www.cisco.com/public/sw-center/sw-usingswc.shtml

Default administrator passwords should be changed after installation.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close