Some vulnerabilities and security issues have been reported in various Cisco products, which can be exploited by malicious users to gain escalated privileges, and by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

1) The Cisco Wireless Control System (WCS) includes a fixed username and password for backup operations via FTP. This can be exploited to read from and write to arbitrary files on affected systems.

Successful exploitation potentially allows the server to be compromised, but requires knowledge of other properties of the FTP server.

The security issue has been reported in Cisco WCS prior to version 4.0.96.0.

2) An unspecified error exists in the WCS authentication system, which can be exploited by an authenticated user to change his account group membership.

Successful exploitation can allow full administrative control of the WCS, but requires a valid username and password.

The vulnerability is reported in Cisco WCS prior to version 4.0.87.0.

3) Certain directories in Cisco WCS are not password protected. These can be exploited to disclose certain system information, e.g. organization of the network including access point locations.

The security issue is reported in Cisco WCS prior to version 4.0.66.0.

4) The Cisco Wireless LAN Controller (WLC) includes hard-coded SNMP (Simple Network Management Protocol) community strings, which can be exploited to read and modify the configuration of the WLC via SNMP.

5) An error in the processing of ethernet traffic can be exploited to crash the WLC via specially crafted data sent over the local network.

Vulnerabilities #4 and #5 affect the following products:
* Cisco 2100 Series Wireless LAN Controllers
* Cisco 2000 Series Wireless LAN Controllers
* Cisco Wireless LAN Controller Module
* Cisco 4400 Series Wireless LAN Controllers
* Cisco 4100 Series Wireless LAN Controllers
* Cisco Catalyst 6500 Series Wireless Services Module (WiSM)
* Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers
* Cisco Aironet 1000 Series
* Cisco Aironet 1500 Series

6) An error in Cisco WLC can be exploited to lock up NPUs (Network Processing Unit) via specially crafted packets sent over the local wireless network.

Successful exploitation results in a partial or complete DoS, depending on the number of NPUs available and the configuration of the device.

Vulnerability #6 affects the following products:
* Cisco 4400 Series Wireless LAN Controllers
* Cisco 4100 Series Wireless LAN Controllers
* Cisco Catalyst 6500 Series Wireless Services Module (WiSM)
* Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers
* Cisco Wireless LAN Controller Module
* Cisco Aironet 1000 Series
* Cisco Aironet 1500 Series

NOTE: Devices that implement the WLC functionality in software do not contain an NPU and are not affected by this vulnerability.

7) The problem is caused due to the presence of a hard-coded password in Cisco Aironet. This can be exploited by a person with physical access to compromise an affected system.

This security issue affects Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points.

Solution
Update to the latest versions (see vendor advisories for details).
Further details available to Secunia VIM customers

Provided and/or discovered by
Reported by the vendor.

Changelog
Further details available to Secunia VIM customers

Original Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml

Deep Links
Links available to Secunia VIM customers