AV:R/AC:L/Au:R/C:C/I:C/A:C/B:N/E:F/RL:O/RC:C
-
Cisco Wireless Control System (WCS) versions prior to 4.0.87.0 contain a vulnerability that could allow an authenticated, remote attacker to gain escalated privileges on the affected system.
This vulnerability exists due to insufficient access controls on the Cisco WCS configuration page used to assign group membership. An authenticated, remote attacker could exploit this vulnerability by accessing this page and adding their account to the SuperUsers group. This grants the attacker full privileges in the WCS application, allowing the attacker to control all devices managed by the WCS.
Cisco has confirmed this vulnerability and released software updates.
To exploit this vulnerability, an attacker must authenticate to the WCS. No additional credentials are required. As a result of the vulnerability described in Alert 13036, any authenticated user-level access to the WCS is sufficient to access some WCS configuration pages without the need for further authentication. This vulnerability relates specifically to the ability to access a WCS configuration page that can be used to add an application user to an application group. Because of this vulnerability, it is possible for any WCS user to add their user account to the SuperUsers group. However, the attacker must also know the correct URL of the vulnerable page. This reduces the likelihood of an attack somewhat, although an attacker who is familiar with the WCS product would have little trouble locating the correct page.
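The following is an added illustration, not Cisco WCS code: it models the access-control gap described above (an "add user to group" action guarded only by an authentication check) next to a hardened version that treats group assignment as a privileged operation, plus a small audit-record check a defender could use to spot self-promotion into SuperUsers. The group names come from this advisory; the record layout and user model are assumptions.

```python
from dataclasses import dataclass, field

SUPERUSERS = "SuperUsers"


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)


class Forbidden(Exception):
    pass


def add_to_group_vulnerable(caller, target, group):
    # Flawed pattern: being authenticated is the only check, so any user can
    # place any account, including their own, into SuperUsers.
    if caller is None:
        raise Forbidden("not authenticated")
    target.groups.add(group)


def add_to_group_hardened(caller, target, group):
    # Hardened pattern: changing group membership is itself a privileged
    # action, so the caller must already be a SuperUser regardless of target.
    if caller is None:
        raise Forbidden("not authenticated")
    if SUPERUSERS not in caller.groups:
        raise Forbidden(f"{caller.name} may not modify group membership")
    target.groups.add(group)


def denied(fn, *args):
    # Helper: True if the action was refused, False if it went through.
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


def suspicious_group_changes(audit):
    # Detection over audit records of the (assumed) form
    # (actor, actor_groups_before, target, group): flag any addition to
    # SuperUsers performed by a non-SuperUser or by an actor on themselves.
    hits = []
    for actor, actor_groups, target, group in audit:
        if group == SUPERUSERS and (actor == target or SUPERUSERS not in actor_groups):
            hits.append((actor, target))
    return hits
```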
-
Cisco has released a security advisory for Cisco Bug ID CSCsg05190 at the following link: cisco-sa-20070412-wcs
-
Administrators are advised to apply the available updates.
Administrators are advised to restrict system access to trusted users.
Administrators are advised to grant user access to the WCS to trusted users only. This includes members of the LobbyAmbassador group.
Administrators are advised to remove existing LobbyAmbassador accounts and all other low privileged accounts until updates can be applied.
-
Cisco customers with active contracts can obtain updates through the Software Center at the following link: Cisco. Cisco customers without contracts can obtain upgrades by contacting the Cisco Technical Assistance Center at 1-800-553-2447 or 1-408-526-7209 or via e-mail at tac@cisco.com.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Version  Description      Section  Status  Date
1.0      Initial Release  NA       Final   2007-Apr-12
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.