Details of VAR-200704-0016

ID

VAR-200704-0016

CVE

CVE-2007-2032

TITLE

Cisco WCS Vulnerable to arbitrary file modification

Trust: 0.8

sources: JVNDB: JVNDB-2007-001819

DESCRIPTION

Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014. Cisco Wireless Control System is prone to multiple vulnerabilities, including an unauthorized-access issue, a privilege-escalation issue, and an information-disclosure issue. An attacker can exploit these issues to obtain sensitive information, gain unauthorized access, and elevate privileges, which will compromise affected devices and aid in further attacks. Versions prior to 4.0.96.0 are vulnerable. These issues are being tracked by Cisco Bug IDs: CSCse93014 CSCse78596 CSCsg05190 CSCsg04301. Cisco Wireless Control System (WCS) provides wireless LAN planning and design, system configuration, location tracking, security monitoring and wireless LAN management tools. In some cases, this can lead to changing system files and hacking the server. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Cisco Wireless Control System Vulnerability and Security Issues SECUNIA ADVISORY ID: SA24865 VERIFY ADVISORY: http://secunia.com/advisories/24865/ CRITICAL: Moderately critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access WHERE: >From remote SOFTWARE: Cisco Wireless Control System (WCS) http://secunia.com/product/6332/ DESCRIPTION: A vulnerability and two security issues have been reported in Cisco Wireless Control System (WCS), which can be exploited by malicious users to gain escalated privileges, and by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially compromise a vulnerable system. 1) WCS includes a fixed username and password for backup operations via FTP. This can be exploited to read from and write to arbitrary files on affected systems. Successful exploitation potentially allows the server to be compromised, but requires knowledge of other properties of the FTP server. The security issue has been reported in WCS prior to version 4.0.96.0. 2) An unspecified error exists in the authentication system, which can be exploited by an authenticated user to change his account group membership. Successful exploitation can allow full administrative control of WCS, but requires a valid username and password. The vulnerability is reported in WCS prior to version 4.0.87.0. 3) Certain directories in WCS are not password protected. This can be exploited to disclose certain system information, e.g. organization of the network including access point locations. The security issue is reported in WCS prior to version 4.0.66.0. SOLUTION: Update to version 4.0.96.0 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-2032 // JVNDB: JVNDB-2007-001819 // BID: 23460 // VULHUB: VHN-25394 // PACKETSTORM: 55915

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless control system	scope:	eq	version:	4.0	Trust: 1.6
vendor:	cisco	model:	wireless control system	scope:	eq	version:	4.0.95	Trust: 1.6
vendor:	cisco	model:	wireless control system	scope:	lt	version:	4.0.96.0	Trust: 0.8
vendor:	cisco	model:	wireless control system software	scope:	eq	version:	4.0.95	Trust: 0.3
vendor:	cisco	model:	wireless control system software	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	wireless control system software	scope:	ne	version:	4.0.96	Trust: 0.3

sources: BID: 23460 // JVNDB: JVNDB-2007-001819 // CNNVD: CNNVD-200704-259 // NVD: CVE-2007-2032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-2032
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-2032
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200704-259
value:	HIGH
Trust: 0.6
VULHUB:	VHN-25394
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-2032
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-25394
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-25394 // JVNDB: JVNDB-2007-001819 // CNNVD: CNNVD-200704-259 // NVD: CVE-2007-2032

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-259

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200704-259

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001819

PATCH

title:

cisco-sa-20070412-wcs

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070412-wcs

Trust: 0.8

sources: JVNDB: JVNDB-2007-001819

EXTERNAL IDS

db:	NVD	id:	CVE-2007-2032	Trust: 2.8
db:	BID	id:	23460	Trust: 2.0
db:	SECUNIA	id:	24865	Trust: 1.8
db:	VUPEN	id:	ADV-2007-1367	Trust: 1.7
db:	SECTRACK	id:	1017907	Trust: 1.7
db:	OSVDB	id:	34132	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001819	Trust: 0.8
db:	CNNVD	id:	CNNVD-200704-259	Trust: 0.7
db:	XF	id:	33614	Trust: 0.6
db:	CISCO	id:	20070412 MULTIPLE VULNERABILITIES IN THE CISCO WIRELESS CONTROL SYSTEM	Trust: 0.6
db:	VULHUB	id:	VHN-25394	Trust: 0.1
db:	PACKETSTORM	id:	55915	Trust: 0.1

sources: VULHUB: VHN-25394 // BID: 23460 // JVNDB: JVNDB-2007-001819 // PACKETSTORM: 55915 // CNNVD: CNNVD-200704-259 // NVD: CVE-2007-2032

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml	Trust: 2.1
url:	http://www.securityfocus.com/bid/23460	Trust: 1.7
url:	http://www.osvdb.org/34132	Trust: 1.7
url:	http://securitytracker.com/id?1017907	Trust: 1.7
url:	http://secunia.com/advisories/24865	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/1367	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/33614	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2032	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2032	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/33614	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/1367	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	/archive/1/465507	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/6332/	Trust: 0.1
url:	http://corporate.secunia.com/trial/38/request/	Trust: 0.1
url:	http://secunia.com/advisories/24865/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-25394 // BID: 23460 // JVNDB: JVNDB-2007-001819 // PACKETSTORM: 55915 // CNNVD: CNNVD-200704-259 // NVD: CVE-2007-2032

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200704-259

SOURCES

db:	VULHUB	id:	VHN-25394
db:	BID	id:	23460
db:	JVNDB	id:	JVNDB-2007-001819
db:	PACKETSTORM	id:	55915
db:	CNNVD	id:	CNNVD-200704-259
db:	NVD	id:	CVE-2007-2032

LAST UPDATE DATE

2025-04-10T23:07:34.515000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-25394	date:	2017-07-29T00:00:00
db:	BID	id:	23460	date:	2016-07-06T14:39:00
db:	JVNDB	id:	JVNDB-2007-001819	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200704-259	date:	2007-04-17T00:00:00
db:	NVD	id:	CVE-2007-2032	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-25394	date:	2007-04-16T00:00:00
db:	BID	id:	23460	date:	2007-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2007-001819	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	55915	date:	2007-04-16T16:29:53
db:	CNNVD	id:	CNNVD-200704-259	date:	2007-04-16T00:00:00
db:	NVD	id:	CVE-2007-2032	date:	2007-04-16T21:19:00