Details of VAR-200710-0017

ID

VAR-200710-0017

CVE

CVE-2007-5382

TITLE

CiscoWorks WLSE Vulnerabilities that can be obtained in a conversion utility that converts files

Trust: 0.8

sources: JVNDB: JVNDB-2007-002761

DESCRIPTION

The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. Cisco Wireless Control System is prone to a vulnerability that permits an attacker to gain unauthorized administrative access to the affected device. This issue is being tracked by Cisco Bug ID CSCsj71081 An attacker could exploit this issue to gain unauthorized administrative access to the affected device. Successfully exploiting this issue will result in the complete compromise of the affected device. This issue affects Cisco Wireless Control System 4.1.91.0 and prior versions. Since there is no requirement to change these credentials during the transition, attackers can use these accounts with default credentials to gain full administrative control over WCS after transition

Trust: 1.98

sources: NVD: CVE-2007-5382 // JVNDB: JVNDB-2007-002761 // BID: 26000 // VULHUB: VHN-28744

AFFECTED PRODUCTS

vendor:	cisco	model:	wireless control system	scope:	eq	version:	4.1.91.0	Trust: 1.9
vendor:	cisco	model:	wireless lan solution engine	scope:	lte	version:	4.1.91.0	Trust: 1.0
vendor:	cisco	model:	wireless control system	scope:	lte	version:	4.1.91.0	Trust: 0.8
vendor:	cisco	model:	ciscoworks wireless lan solution engine	scope:	lte	version:	4.1.91.0	Trust: 0.8
vendor:	cisco	model:	wireless lan solution engine	scope:	eq	version:	4.1.91.0	Trust: 0.6
vendor:	cisco	model:	wireless control system	scope:	ne	version:	4.2	Trust: 0.3

sources: BID: 26000 // JVNDB: JVNDB-2007-002761 // CNNVD: CNNVD-200710-196 // NVD: CVE-2007-5382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5382
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-5382
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200710-196
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-28744
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-5382
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-28744
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28744 // JVNDB: JVNDB-2007-002761 // CNNVD: CNNVD-200710-196 // NVD: CVE-2007-5382

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-28744 // JVNDB: JVNDB-2007-002761 // NVD: CVE-2007-5382

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200710-196

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200710-196

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002761

PATCH

title:

cisco-sa-20071010-wcs

url:

http://www.cisco.com/en/US/products/csa/cisco-sa-20071010-wcs.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-002761

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5382	Trust: 2.8
db:	BID	id:	26000	Trust: 2.0
db:	SECTRACK	id:	1018797	Trust: 1.7
db:	OSVDB	id:	37936	Trust: 1.7
db:	VUPEN	id:	ADV-2007-3456	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002761	Trust: 0.8
db:	CISCO	id:	20071010 CISCO WIRELESS CONTROL SYSTEM CONVERSION UTILITY ADDS DEFAULT PASSWORD	Trust: 0.6
db:	XF	id:	37053	Trust: 0.6
db:	CNNVD	id:	CNNVD-200710-196	Trust: 0.6
db:	VULHUB	id:	VHN-28744	Trust: 0.1

sources: VULHUB: VHN-28744 // BID: 26000 // JVNDB: JVNDB-2007-002761 // CNNVD: CNNVD-200710-196 // NVD: CVE-2007-5382

REFERENCES

url:	http://www.securityfocus.com/bid/26000	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00808d72db.shtml	Trust: 1.7
url:	http://osvdb.org/37936	Trust: 1.7
url:	http://www.securitytracker.com/id?1018797	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/3456	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/37053	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5382	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5382	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/3456	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/37053	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sa-20071010-wcs.shtml	Trust: 0.3

sources: VULHUB: VHN-28744 // BID: 26000 // JVNDB: JVNDB-2007-002761 // CNNVD: CNNVD-200710-196 // NVD: CVE-2007-5382

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200710-196

SOURCES

db:	VULHUB	id:	VHN-28744
db:	BID	id:	26000
db:	JVNDB	id:	JVNDB-2007-002761
db:	CNNVD	id:	CNNVD-200710-196
db:	NVD	id:	CVE-2007-5382

LAST UPDATE DATE

2025-04-10T23:19:59.197000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28744	date:	2017-07-29T00:00:00
db:	BID	id:	26000	date:	2015-05-07T17:35:00
db:	JVNDB	id:	JVNDB-2007-002761	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200710-196	date:	2007-10-15T00:00:00
db:	NVD	id:	CVE-2007-5382	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28744	date:	2007-10-12T00:00:00
db:	BID	id:	26000	date:	2007-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2007-002761	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200710-196	date:	2007-10-11T00:00:00
db:	NVD	id:	CVE-2007-5382	date:	2007-10-12T01:17:00