Lucene search

[email protected]CVE-2007-5382

HistoryOct 12, 2007 - 1:17 a.m.

CVE-2007-5382

2007-10-1201:17:00

CWE-264

[email protected]

web.nvd.nist.gov

cisco

ciscoworks

wlse

4.1.91.0

conversion utility

cve-2007-5382

security vulnerability

privilege escalation

7.2 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.6%

JSON

The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.

CPENameOperatorVersion
cisco:wireless_lan_solution_enginecisco wireless lan solution enginele4.1.91.0
cisco:wireless_control_systemcisco wireless control systemeq4.1.91.0

CPE	Name	Operator	Version
cisco:wireless_lan_solution_engine	cisco wireless lan solution engine	le	4.1.91.0
cisco:wireless_control_system	cisco wireless control system	eq	4.1.91.0

References

osvdb.org/37936

www.cisco.com/en/US/products/products_security_advisory09186a00808d72db.shtml

www.securityfocus.com/bid/26000

www.securitytracker.com/id?1018797

www.vupen.com/english/advisories/2007/3456

exchange.xforce.ibmcloud.com/vulnerabilities/37053

7.2 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2007-5382

cvelist1 cisco1 prion1