Cisco urges Wireless Control System upgrade

SearchSecurity.com Staff
Cisco's Wireless Control System (WCS) contains a vulnerability that could allow an attacker to gain full administrative control of WCS.

In addition, Cisco said the WCS and the Lightweight Access Points contain multiple vulnerabilities that could result in a denial-of-service attack.

In a Cisco advisory issued Thursday, the vendor said there are no known workarounds for these vulnerabilities. Versions of the WCS prior to 4.0.96.0 are affected by the flaws. Cisco has released free software updates to fix the flaws and is urging customers to upgrade to version 4.0.96.0.

Among the issues, Cisco said an authentication system within the WCS contains a privilege escalation vulnerability that allows any user with a valid user name and password to change their account group membership.

If the WCS is configured to back up the data stored on the Cisco Wireless Location Appliance via FTP, an attacker can use the credentials with other properties of the FTP server to read and write to arbitrary files on the server hosting the WCS application. The attacker could alter system files and compromise the server.

Several directories within the WCS page hierarchy are not password protected and could be accessed by an unauthenticated user.

