Details of VAR-200704-0018

ID

VAR-200704-0018

CVE

CVE-2007-2034

TITLE

Cisco WCS Vulnerabilities in managing applications and networks

Trust: 0.8

sources: JVNDB: JVNDB-2007-001821

DESCRIPTION

Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190. Cisco Wireless Control System is prone to multiple vulnerabilities, including an unauthorized-access issue, a privilege-escalation issue, and an information-disclosure issue. An attacker can exploit these issues to obtain sensitive information, gain unauthorized access, and elevate privileges, which will compromise affected devices and aid in further attacks. Versions prior to 4.0.96.0 are vulnerable. These issues are being tracked by Cisco Bug IDs: CSCse93014 CSCse78596 CSCsg05190 CSCsg04301. Cisco Wireless Control System (WCS) provides wireless LAN planning and design, system configuration, location tracking, security monitoring and wireless LAN management tools. For example, a user in the LobbyAmbassador group can be added to the SuperUsers group. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Cisco Wireless Control System Vulnerability and Security Issues SECUNIA ADVISORY ID: SA24865 VERIFY ADVISORY: http://secunia.com/advisories/24865/ CRITICAL: Moderately critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access WHERE: >From remote SOFTWARE: Cisco Wireless Control System (WCS) http://secunia.com/product/6332/ DESCRIPTION: A vulnerability and two security issues have been reported in Cisco Wireless Control System (WCS), which can be exploited by malicious users to gain escalated privileges, and by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially compromise a vulnerable system. 1) WCS includes a fixed username and password for backup operations via FTP. This can be exploited to read from and write to arbitrary files on affected systems. Successful exploitation potentially allows the server to be compromised, but requires knowledge of other properties of the FTP server. The security issue has been reported in WCS prior to version 4.0.96.0. 2) An unspecified error exists in the authentication system, which can be exploited by an authenticated user to change his account group membership. Successful exploitation can allow full administrative control of WCS, but requires a valid username and password. The vulnerability is reported in WCS prior to version 4.0.87.0. 3) Certain directories in WCS are not password protected. This can be exploited to disclose certain system information, e.g. organization of the network including access point locations. The security issue is reported in WCS prior to version 4.0.66.0. SOLUTION: Update to version 4.0.96.0 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-2034 // JVNDB: JVNDB-2007-001821 // BID: 23460 // VULHUB: VHN-25396 // PACKETSTORM: 55915

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless control system	scope:	lte	version:	4.0.95	Trust: 1.0
vendor:	cisco	model:	wireless control system	scope:	lt	version:	4.0.87.0	Trust: 0.8
vendor:	cisco	model:	wireless control system	scope:	eq	version:	4.0.95	Trust: 0.6
vendor:	cisco	model:	wireless control system software	scope:	eq	version:	4.0.95	Trust: 0.3
vendor:	cisco	model:	wireless control system software	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	wireless control system software	scope:	ne	version:	4.0.96	Trust: 0.3

sources: BID: 23460 // JVNDB: JVNDB-2007-001821 // CNNVD: CNNVD-200704-272 // NVD: CVE-2007-2034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-2034
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-2034
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200704-272
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-25396
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-2034
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-25396
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-25396 // JVNDB: JVNDB-2007-001821 // CNNVD: CNNVD-200704-272 // NVD: CVE-2007-2034

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2007-2034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-272

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200704-272

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001821

PATCH

title:

cisco-sa-20070412-wcs

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070412-wcs

Trust: 0.8

sources: JVNDB: JVNDB-2007-001821

EXTERNAL IDS

db:	NVD	id:	CVE-2007-2034	Trust: 2.8
db:	BID	id:	23460	Trust: 2.0
db:	SECUNIA	id:	24865	Trust: 1.8
db:	OSVDB	id:	34130	Trust: 1.7
db:	VUPEN	id:	ADV-2007-1367	Trust: 1.7
db:	SECTRACK	id:	1017907	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001821	Trust: 0.8
db:	CNNVD	id:	CNNVD-200704-272	Trust: 0.7
db:	CISCO	id:	20070412 MULTIPLE VULNERABILITIES IN THE CISCO WIRELESS CONTROL SYSTEM	Trust: 0.6
db:	XF	id:	33612	Trust: 0.6
db:	VULHUB	id:	VHN-25396	Trust: 0.1
db:	PACKETSTORM	id:	55915	Trust: 0.1

sources: VULHUB: VHN-25396 // BID: 23460 // JVNDB: JVNDB-2007-001821 // PACKETSTORM: 55915 // CNNVD: CNNVD-200704-272 // NVD: CVE-2007-2034

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml	Trust: 2.1
url:	http://www.securityfocus.com/bid/23460	Trust: 1.7
url:	http://www.osvdb.org/34130	Trust: 1.7
url:	http://securitytracker.com/id?1017907	Trust: 1.7
url:	http://secunia.com/advisories/24865	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/1367	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/33612	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2034	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2034	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/1367	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/33612	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	/archive/1/465507	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/6332/	Trust: 0.1
url:	http://corporate.secunia.com/trial/38/request/	Trust: 0.1
url:	http://secunia.com/advisories/24865/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-25396 // BID: 23460 // JVNDB: JVNDB-2007-001821 // PACKETSTORM: 55915 // CNNVD: CNNVD-200704-272 // NVD: CVE-2007-2034

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200704-272

SOURCES

db:	VULHUB	id:	VHN-25396
db:	BID	id:	23460
db:	JVNDB	id:	JVNDB-2007-001821
db:	PACKETSTORM	id:	55915
db:	CNNVD	id:	CNNVD-200704-272
db:	NVD	id:	CVE-2007-2034

LAST UPDATE DATE

2025-04-10T23:07:34.444000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-25396	date:	2017-07-29T00:00:00
db:	BID	id:	23460	date:	2016-07-06T14:39:00
db:	JVNDB	id:	JVNDB-2007-001821	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200704-272	date:	2007-04-17T00:00:00
db:	NVD	id:	CVE-2007-2034	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-25396	date:	2007-04-16T00:00:00
db:	BID	id:	23460	date:	2007-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2007-001821	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	55915	date:	2007-04-16T16:29:53
db:	CNNVD	id:	CNNVD-200704-272	date:	2007-04-16T00:00:00
db:	NVD	id:	CVE-2007-2034	date:	2007-04-16T21:19:00