Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в Cisco Wireless Control System (multiple bugs)
Опубликовано:13 апреля 2007 г.
Источник:
SecurityVulns ID:7575
Тип:удаленная
Уровень опасности:
6/10
Описание:Неизменяемая учетная запись FTP-доступа, повышение привилегий через членство в группах, утечка информации.
Затронутые продукты:CISCO : Cisco Wireless Control System 4.0
CVE:CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301.)
 CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190.)
 CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596.)
 CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014.)
Оригинальный текстdocumentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless Control System (13.04.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород