Date: 8 Apr 2004 08:38:18 +0200
From: SecuriTeam <support@securiteam.com.>
To: [email protected]Subject: [NEWS] Cisco Default Username and Password in WLSE and HSE Devices
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Cisco Default Username and Password in WLSE and HSE Devices
------------------------------------------------------------------------
SUMMARY
A default username/password pair is present in all releases of the
Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE)
software. A user who logs in using this username has complete control of
the device. This username cannot be disabled. There is no workaround.
DETAILS
Affected Products:
* The affected software releases for WLSE are 2.0, 2.0.2 and 2.5
* The affected software releases for HSE are 1.7, 1.7.1, 1.7.2 and 1.7.3
Details:
A hardcoded username and password pair is present in all software releases
for all models of WLSE and HSE devices.
This vulnerability is documented in the Cisco Bug Toolkit as Bug ID
CSCsa11583 (registered customers only) for the WLSE and CSCsa11584
(registered customers only) for the HSE.
CiscoWorks WLSE provides centralized management for the Cisco Wireless LAN
infrastructure. It unifies the other components in the solution and
actively employs them to provide continual "Air/RF" monitoring, network
security, and optimization. The CiscoWorks WLSE also assists network
managers by automating and simplifying mass configuration deployment,
fault monitoring and alerting.
Cisco Hosting Solution Engine is a hardware-based solution to monitor and
activate a variety of e-business services in Cisco powered data centers.
It provides fault and performance information about the Layer 2-3 hosting
infrastructure and Layer 4-7 hosted services.
Impact:
Any user who logs in using this username has complete control of the
device. One can add new users or modify details of the existing users, and
change the device's configuration. Here are some more concrete examples of
possible actions:
* For WLSE this means that an adversary can hide the presence of a rogue
Access Point or change the Radio Frequency plan, potentially causing
system-wide outages. The first action may cause long-term loss of
information confidentiality and integrity. The second action can yield
Denial-of-Service (DOS).
* For HSE this may lead up to illegal re-directing of a Web site with the
ultimate loss of revenue.
* In both cases the device itself may be used as a launching platform for
further attacks. Such attacks could be directed at your organization, or
towards a third party.
Software Versions and Fixes:
For WLSE, users need to install the WLSE-2.x-CSCsa11583-K9.zip patch. The
patch can be downloaded from
<http://www.cisco.com/pcgi-bin/tablebuild.pl/wlan-sol-eng>;
http://www.cisco.com/pcgi-bin/tablebuild.pl/wlan-sol-eng (registered
customers only). This patch is applicable to WLSE 1130 software releases
2.0, 2.0.2 and 2.5.
For HSE, users need to install the HSE-1.7.x-CSCsa11584.zip patch. The
patch can be downloaded from
<http://www.cisco.com/pcgi-bin/tablebuild.pl/1105-host-sol>;
http://www.cisco.com/pcgi-bin/tablebuild.pl/1105-host-sol (registered
customers only). This patch is applicable to HSE 1105 for versions 1.7,
1.7.1, 1.7.2, and 1.7.3.
ADDITIONAL INFORMATION
The information has been provided by <mailto:psirt@cisco.com.> Cisco
Systems Product Security Incident Response Team.
The original article can be found at:
<http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml>;
http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
