A new Cisco security warning reports that the company's wireless LAN management application has "multiple vulnerabilities" including one that lets a remote user log in with a default administrator password.
The warning lists six vulnerabilities, and says that workarounds are available for some but not all of them. The problems are part of Cisco's Wireless Control System (WCS), the software it acquired with Airespace last year, that handles network and RF management, location tracking, and intrusion detection and prevention for Cisco's controller-based WLANs.
The vulnerabilities are found in WCS for Linux and Windows, for Versions 3.2 and earlier, though in one case Version 4.0 is listed. Full details, including a .PDF version, are on the Cisco Web site .
Perhaps the most critical problem is an undocumented username and hard-coded password, by which a remote user can gain access to the WCS database, which stores configuration information for access points managed by the WCS server, including encryption keys. With those keys, an attacker can unscramble encrypted network traffic.
The attacker can potentially gain complete control of a WCS installation through the default administrator username "root" with a default password of "public." Users are not prompted to change the password during installation or initial login, and the username and password are in clear text in several WCS files. Cisco has a workaround for this vulnerability.
Other vulnerabilities let attackers read from and write to arbitrary locations in the file system running WCS, execute script code in a user's Web browser, and obtain WCS usernames and directory installation paths.