Lucene search

MitreCVE-2007-5382

HistoryOct 12, 2007 - 1:17 a.m.

CVE-2007-5382

2007-10-1201:17:00

CWE-264

mitre

web.nvd.nist.gov

cisco

ciscoworks

wlse

4.1.91.0

conversion utility

cve-2007-5382

security vulnerability

privilege escalation

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.018

Percentile

88.4%

JSON

The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.

Affected configurations

Nvd

Node

ciscowireless_lan_solution_engineRange≤4.1.91.0

ciscowireless_control_systemMatch4.1.91.0

VendorProductVersionCPE
ciscowireless_lan_solution_engine*cpe:2.3:a:cisco:wireless_lan_solution_engine:*:*:*:*:*:*:*:*
ciscowireless_control_system4.1.91.0cpe:2.3:h:cisco:wireless_control_system:4.1.91.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	wireless_lan_solution_engine	*	cpe:2.3:a:cisco:wireless_lan_solution_engine::::::::
cisco	wireless_control_system	4.1.91.0	cpe:2.3:h:cisco:wireless_control_system:4.1.91.0:::::::*

References

osvdb.org/37936

www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml

www.securityfocus.com/bid/26000

www.securitytracker.com/id?1018797

www.vupen.com/english/advisories/2007/3456

exchange.xforce.ibmcloud.com/vulnerabilities/37053

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.018

Percentile

88.4%

JSON

Related for CVE-2007-5382