Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Moderately critical

Cisco Products Multiple Vulnerabilities

-

Release Date:  2007-04-13    Last Update:  2007-06-15    Views:  12,574

Secunia Advisory SA24865

Where:

From remote

Impact:

Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access

Solution Status:

Partial Fix

CVE Reference(s):

Description


Some vulnerabilities and security issues have been reported in various Cisco products, which can be exploited by malicious users to gain escalated privileges, and by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

1) The Cisco Wireless Control System (WCS) includes a fixed username and password for backup operations via FTP. This can be exploited to read from and write to arbitrary files on affected systems.

Successful exploitation potentially allows the server to be compromised, but requires knowledge of other properties of the FTP server.

The security issue has been reported in Cisco WCS prior to version 4.0.96.0.

2) An unspecified error exists in the WCS authentication system, which can be exploited by an authenticated user to change his account group membership.

Successful exploitation can allow full administrative control of the WCS, but requires a valid username and password.

The vulnerability is reported in Cisco WCS prior to version 4.0.87.0.

3) Certain directories in Cisco WCS are not password protected. These can be exploited to disclose certain system information, e.g. organization of the network including access point locations.

The security issue is reported in Cisco WCS prior to version 4.0.66.0.

4) The Cisco Wireless LAN Controller (WLC) includes hard-coded SNMP (Simple Network Management Protocol) community strings, which can be exploited to read and modify the configuration of the WLC via SNMP.

5) An error in the processing of ethernet traffic can be exploited to crash the WLC via specially crafted data sent over the local network.

Vulnerabilities #4 and #5 affect the following products:
* Cisco 2100 Series Wireless LAN Controllers
* Cisco 2000 Series Wireless LAN Controllers
* Cisco Wireless LAN Controller Module
* Cisco 4400 Series Wireless LAN Controllers
* Cisco 4100 Series Wireless LAN Controllers
* Cisco Catalyst 6500 Series Wireless Services Module (WiSM)
* Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers
* Cisco Aironet 1000 Series
* Cisco Aironet 1500 Series

6) An error in Cisco WLC can be exploited to lock up NPUs (Network Processing Unit) via specially crafted packets sent over the local wireless network.

Successful exploitation results in a partial or complete DoS, depending on the number of NPUs available and the configuration of the device.

Vulnerability #6 affects the following products:
* Cisco 4400 Series Wireless LAN Controllers
* Cisco 4100 Series Wireless LAN Controllers
* Cisco Catalyst 6500 Series Wireless Services Module (WiSM)
* Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers
* Cisco Wireless LAN Controller Module
* Cisco Aironet 1000 Series
* Cisco Aironet 1500 Series

NOTE: Devices that implement the WLC functionality in software do not contain an NPU and are not affected by this vulnerability.

7) The problem is caused due to the presence of a hard-coded password in Cisco Aironet. This can be exploited by a person with physical access to compromise an affected system.

This security issue affects Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points.


Solution:
Update to the latest versions (see vendor advisories for details).

Further details available to Secunia VIM customers

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Cisco Products Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability