Summary

• Customers who use the CiscoWorks Wireless LAN Solution Engine (WLSE) may use a conversion utility to convert over to a Cisco Wireless Control System (WCS). This conversion utility creates and uses administrative accounts with default credentials. Because there is no requirement to change these credentials during the conversion process, an attacker may be able to leverage the accounts that have default credentials to take full administrative control of the WCS after the conversion has been completed.

  Customers who have converted their CiscoWorks WLSE to a Cisco WCS are advised to set strong passwords for all accounts on their Cisco WCS.

  This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20071010-wcs.

Affected Products

• Vulnerable Products

  Cisco WCS systems that have been converted from a CiscoWorks WLSE using the conversion utility for version 4.1.91.0 or earlier are vulnerable.

  Products Confirmed Not Vulnerable

  Cisco WCS systems that have not been converted from a CiscoWorks WLSE using the conversion utility are not affected by this problem. Additionally, Cisco WCS systems that have been converted from a CiscoWorks WLSE using the conversion utility for version 4.2 or later are not vulnerable.

  For more information about Cisco Unified Wireless Network Software Release 4.2, visit:

  http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/ccfig42.html

  No other Cisco products are currently known to be affected by this vulnerability.

Details

• CiscoWorks WLSE is a centralized, systems-level application for managing and controlling an entire autonomous Cisco wireless LAN (WLAN) infrastructure. The Cisco Wireless Control System (WCS) is a centralized, systems-level application for managing and controlling lightweight access points and wireless LAN controllers for the Cisco Unified Wireless Network.

  A CiscoWorks WLSE can be converted to a Cisco WCS using a utility that can be ordered from Cisco. There are two administrative accounts on the Wireless Control System (WCS): a Linux root account and Cisco WCS root account. Vulnerable versions of the conversion utility do not force the administrator to change the password for the Linux "root" user of the newly converted system. Non-vulnerable versions of the conversion utility force the administrator to change both account passwords.

  More information about the conversion utility is available in the Conversion of a WLSE Autonomous Deployment to a WCS Controller Deployment appendix in the Cisco Wireless Control System Configuration Guide.

Workarounds

• The vulnerability described in this document can be eliminated by logging in to the affected WCS and changing the default password for the administrative Linux root account to a strong password chosen by the user.

  Refer to the Managing User Accounts chapter of the Cisco Wireless Control System Configuration Guide for more information about changing administrative accounts.

Fixed Software

• When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

  In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center ("TAC") or your contracted maintenance provider for assistance.

Exploitation and Public Announcements

• The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.

URL

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20071010-wcs

Revision History

• Revision 1.1	2008-April-25	Updated link to the CVSS score of CSCsj71081 .
  Revision 1.0	2007-October-10	Initial public release.

  Show Less