Cisco Issues WCS Warning
WiFi management platform turns up with a handful of vulnerabilities
Top-ranked enterprise wireless networking vendor Cisco has put out a security advisory warning that its WiFi management software platform has vulnerabilities that could potentially make it possible for malicious users to gain access to sensitive information.
Cisco is warning that there exists in its Wireless Control System (WCS) an undocumented hard-coded username and password that could be used to gain access to internal configuration data about access points managed via the WCS. The security issue has been reported in WCS for Linux and Windows 3.2(40) and prior. WCS is Cisco's platform for wireless LAN planning, configuration, RF management, location tracking, intrusion prevention, monitoring, and management.
Malicious local users could also potentially exploit the fact that an undocumented database username and password are stored in clear text in several WCS files -- once again leaving the internal database vulnerable.
These initially appear to be the two most easily exploitable security weaknesses. Cisco is also warning, however, about a couple of flaws in the software itself that could be used to gain access to directories or user sessions.
Security firm Secunia is describing the alert as "moderately critical" and says that overall the vulnerabilities could allow malicious users to access "sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.
Cisco says in its advisory that it has workarounds for some but not all of the vulnerabilities.
— Dan Jones, Site Editor, Unstrung
Cisco Systems Inc. (Nasdaq: CSCO)
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024