|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Apr 13 2007 - 04:17:05 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Secunia customers receive relevant and filtered advisories.
Delivery is done via different channels including SMS, Email, Web,
and https based XML feed.
http://corporate.secunia.com/trial/38/request/
----------------------------------------------------------------------
TITLE:
Cisco Wireless Control System Vulnerability and Security Issues
SECUNIA ADVISORY ID:
SA24865
VERIFY ADVISORY:
http://secunia.com/advisories/24865/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Exposure of system information, Exposure of
sensitive information, Privilege escalation, System access
WHERE:
From remote
SOFTWARE:
Cisco Wireless Control System (WCS)
http://secunia.com/product/6332/
DESCRIPTION:
A vulnerability and two security issues have been reported in Cisco
Wireless Control System (WCS), which can be exploited by malicious
users to gain escalated privileges, and by malicious people to
disclose sensitive information, bypass certain security restrictions,
or potentially compromise a vulnerable system.
1) WCS includes a fixed username and password for backup operations
via FTP. This can be exploited to read from and write to arbitrary
files on affected systems.
Successful exploitation potentially allows the server to be
compromised, but requires knowledge of other properties of the FTP
server.
The security issue has been reported in WCS prior to version
4.0.96.0.
2) An unspecified error exists in the authentication system, which
can be exploited by an authenticated user to change his account group
membership.
Successful exploitation can allow full administrative control of WCS,
but requires a valid username and password.
The vulnerability is reported in WCS prior to version 4.0.87.0.
3) Certain directories in WCS are not password protected. This can be
exploited to disclose certain system information, e.g. organization of
the network including access point locations.
The security issue is reported in WCS prior to version 4.0.66.0.
SOLUTION:
Update to version 4.0.96.0 or later.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]