CVE-2007-2032 - Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for b

CVE-2007-2032

Summary

Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014.

References

Vulnerable Configurations

cpe:2.3:h:cisco:wireless_control_system:4.0:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:4.0:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:4.0.95:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:4.0.95:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	23460
cisco	20070412 Multiple Vulnerabilities in the Cisco Wireless Control System
osvdb	34132
sectrack	1017907
secunia	24865
vupen	ADV-2007-1367
xf	cisco-wcs-ftp-unauthorized-access(33614)

Last major update

29-07-2017 - 01:31

Published

16-04-2007 - 21:19

Last modified

29-07-2017 - 01:31