Cisco Issues WCS Warning

WiFi management platform turns up with a handful of vulnerabilities

Dan Jones, Mobile Editor

June 29, 2006

1 Min Read

Top-ranked enterprise wireless networking vendor Cisco has put out a security advisory warning that its WiFi management software platform has vulnerabilities that could potentially make it possible for malicious users to gain access to sensitive information.

Cisco is warning that there exists in its Wireless Control System (WCS) an undocumented hard-coded username and password that could be used to gain access to internal configuration data about access points managed via the WCS. The security issue has been reported in WCS for Linux and Windows 3.2(40) and prior. WCS is Cisco's platform for wireless LAN planning, configuration, RF management, location tracking, intrusion prevention, monitoring, and management.

Malicious local users could also potentially exploit the fact that an undocumented database username and password are stored in clear text in several WCS files -- once again leaving the internal database vulnerable.

These initially appear to be the two most easily exploitable security weaknesses. Cisco is also warning, however, about a couple of flaws in the software itself that could be used to gain access to directories or user sessions.

Security firm Secunia is describing the alert as "moderately critical" and says that overall the vulnerabilities could allow malicious users to access "sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.

Cisco says in its advisory that it has workarounds for some but not all of the vulnerabilities.

— Dan Jones, Site Editor, Unstrung

About the Author(s)

Dan Jones

Mobile Editor

Dan is to hats what Will.I.Am is to ridiculous eyewear. Fedora, trilby, tam-o-shanter -- all have graced the Jones pate during his career as the go-to purveyor of mobile essentials.

But hey, Dan is so much more than 4G maps and state-of-the-art headgear. Before joining the Light Reading team in 2002 he was an award-winning cult hit on Broadway (with four 'Toni' awards, two 'Emma' gongs and a 'Brian' to his name) with his one-man show, "Dan Sings the Show Tunes."

His perfectly crafted blogs, falling under the "Jonestown" banner, have been compared to the works of Chekhov. But only by Dan.

He lives in Brooklyn with cats.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights