Details of VAR-200704-0017

ID

VAR-200704-0017

CVE

CVE-2007-2033

TITLE

Cisco WCS Vulnerability in reading configuration page

Trust: 0.8

sources: JVNDB: JVNDB-2007-001820

DESCRIPTION

Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596. Cisco Wireless Control System is prone to multiple vulnerabilities, including an unauthorized-access issue, a privilege-escalation issue, and an information-disclosure issue. An attacker can exploit these issues to obtain sensitive information, gain unauthorized access, and elevate privileges, which will compromise affected devices and aid in further attacks. Versions prior to 4.0.96.0 are vulnerable. These issues are being tracked by Cisco Bug IDs: CSCse93014 CSCse78596 CSCsg05190 CSCsg04301. Cisco Wireless Control System (WCS) provides wireless LAN planning and design, system configuration, location tracking, security monitoring and wireless LAN management tools. For example, a user in the LobbyAmbassador group can be added to the SuperUsers group. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Cisco Wireless Control System Vulnerability and Security Issues SECUNIA ADVISORY ID: SA24865 VERIFY ADVISORY: http://secunia.com/advisories/24865/ CRITICAL: Moderately critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access WHERE: >From remote SOFTWARE: Cisco Wireless Control System (WCS) http://secunia.com/product/6332/ DESCRIPTION: A vulnerability and two security issues have been reported in Cisco Wireless Control System (WCS), which can be exploited by malicious users to gain escalated privileges, and by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially compromise a vulnerable system. 1) WCS includes a fixed username and password for backup operations via FTP. This can be exploited to read from and write to arbitrary files on affected systems. Successful exploitation potentially allows the server to be compromised, but requires knowledge of other properties of the FTP server. The security issue has been reported in WCS prior to version 4.0.96.0. Successful exploitation can allow full administrative control of WCS, but requires a valid username and password. The vulnerability is reported in WCS prior to version 4.0.87.0. 3) Certain directories in WCS are not password protected. This can be exploited to disclose certain system information, e.g. organization of the network including access point locations. The security issue is reported in WCS prior to version 4.0.66.0. SOLUTION: Update to version 4.0.96.0 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-2033 // JVNDB: JVNDB-2007-001820 // BID: 23460 // VULHUB: VHN-25395 // PACKETSTORM: 55915

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless control system	scope:	lte	version:	4.0.95	Trust: 1.0
vendor:	cisco	model:	wireless control system	scope:	lt	version:	4.0.81.0	Trust: 0.8
vendor:	cisco	model:	wireless control system	scope:	eq	version:	4.0.95	Trust: 0.6
vendor:	cisco	model:	wireless control system software	scope:	eq	version:	4.0.95	Trust: 0.3
vendor:	cisco	model:	wireless control system software	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	wireless control system software	scope:	ne	version:	4.0.96	Trust: 0.3

sources: BID: 23460 // JVNDB: JVNDB-2007-001820 // CNNVD: CNNVD-200704-282 // NVD: CVE-2007-2033

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-2033
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-2033
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200704-282
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-25395
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-2033
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-25395
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-25395 // JVNDB: JVNDB-2007-001820 // CNNVD: CNNVD-200704-282 // NVD: CVE-2007-2033

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2033

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-282

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200704-282

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001820

PATCH

title:

cisco-sa-20070412-wcs

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070412-wcs

Trust: 0.8

sources: JVNDB: JVNDB-2007-001820

EXTERNAL IDS

db:	NVD	id:	CVE-2007-2033	Trust: 2.8
db:	BID	id:	23460	Trust: 2.0
db:	SECUNIA	id:	24865	Trust: 1.8
db:	VUPEN	id:	ADV-2007-1367	Trust: 1.7
db:	SECTRACK	id:	1017907	Trust: 1.7
db:	OSVDB	id:	34129	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001820	Trust: 0.8
db:	CNNVD	id:	CNNVD-200704-282	Trust: 0.7
db:	CISCO	id:	20070412 MULTIPLE VULNERABILITIES IN THE CISCO WIRELESS CONTROL SYSTEM	Trust: 0.6
db:	XF	id:	33612	Trust: 0.6
db:	VULHUB	id:	VHN-25395	Trust: 0.1
db:	PACKETSTORM	id:	55915	Trust: 0.1

sources: VULHUB: VHN-25395 // BID: 23460 // JVNDB: JVNDB-2007-001820 // PACKETSTORM: 55915 // CNNVD: CNNVD-200704-282 // NVD: CVE-2007-2033

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml	Trust: 2.1
url:	http://www.securityfocus.com/bid/23460	Trust: 1.7
url:	http://www.osvdb.org/34129	Trust: 1.7
url:	http://securitytracker.com/id?1017907	Trust: 1.7
url:	http://secunia.com/advisories/24865	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/1367	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/33612	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2033	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2033	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/1367	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/33612	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	/archive/1/465507	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/6332/	Trust: 0.1
url:	http://corporate.secunia.com/trial/38/request/	Trust: 0.1
url:	http://secunia.com/advisories/24865/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-25395 // BID: 23460 // JVNDB: JVNDB-2007-001820 // PACKETSTORM: 55915 // CNNVD: CNNVD-200704-282 // NVD: CVE-2007-2033

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200704-282

SOURCES

db:	VULHUB	id:	VHN-25395
db:	BID	id:	23460
db:	JVNDB	id:	JVNDB-2007-001820
db:	PACKETSTORM	id:	55915
db:	CNNVD	id:	CNNVD-200704-282
db:	NVD	id:	CVE-2007-2033

LAST UPDATE DATE

2025-04-10T23:07:34.408000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-25395	date:	2017-07-29T00:00:00
db:	BID	id:	23460	date:	2016-07-06T14:39:00
db:	JVNDB	id:	JVNDB-2007-001820	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200704-282	date:	2007-04-17T00:00:00
db:	NVD	id:	CVE-2007-2033	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-25395	date:	2007-04-16T00:00:00
db:	BID	id:	23460	date:	2007-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2007-001820	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	55915	date:	2007-04-16T16:29:53
db:	CNNVD	id:	CNNVD-200704-282	date:	2007-04-16T00:00:00
db:	NVD	id:	CVE-2007-2033	date:	2007-04-16T21:19:00