[NEWS] Cisco Default Username and Password in WLSE and HSE Devices

From: SecuriTeam (support_at_securiteam.com)
Date: 04/08/04

  • Next message: SecuriTeam: "[NT] Nullsoft Winamp 'in_mod.dll' Heap Overflow" 
    To: list@securiteam.com
Date: 8 Apr 2004 08:38:18 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Cisco Default Username and Password in WLSE and HSE Devices
    ------------------------------------------------------------------------

    SUMMARY

    A default username/password pair is present in all releases of the
    Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE)
    software. A user who logs in using this username has complete control of
    the device. This username cannot be disabled. There is no workaround.

    DETAILS

    Affected Products:
     * The affected software releases for WLSE are 2.0, 2.0.2 and 2.5
     * The affected software releases for HSE are 1.7, 1.7.1, 1.7.2 and 1.7.3

    Details:
    A hardcoded username and password pair is present in all software releases
    for all models of WLSE and HSE devices.

    This vulnerability is documented in the Cisco Bug Toolkit as Bug ID
    CSCsa11583 (registered customers only) for the WLSE and CSCsa11584
    (registered customers only) for the HSE.

    CiscoWorks WLSE provides centralized management for the Cisco Wireless LAN
    infrastructure. It unifies the other components in the solution and
    actively employs them to provide continual "Air/RF" monitoring, network
    security, and optimization. The CiscoWorks WLSE also assists network
    managers by automating and simplifying mass configuration deployment,
    fault monitoring and alerting.

    Cisco Hosting Solution Engine is a hardware-based solution to monitor and
    activate a variety of e-business services in Cisco powered data centers.
    It provides fault and performance information about the Layer 2-3 hosting
    infrastructure and Layer 4-7 hosted services.

    Impact:
    Any user who logs in using this username has complete control of the
    device. One can add new users or modify details of the existing users, and
    change the device's configuration. Here are some more concrete examples of
    possible actions:

     * For WLSE this means that an adversary can hide the presence of a rogue
    Access Point or change the Radio Frequency plan, potentially causing
    system-wide outages. The first action may cause long-term loss of
    information confidentiality and integrity. The second action can yield
    Denial-of-Service (DOS).

     * For HSE this may lead up to illegal re-directing of a Web site with the
    ultimate loss of revenue.

     * In both cases the device itself may be used as a launching platform for
    further attacks. Such attacks could be directed at your organization, or
    towards a third party.

    Software Versions and Fixes:
    For WLSE, users need to install the WLSE-2.x-CSCsa11583-K9.zip patch. The
    patch can be downloaded from
    <http://www.cisco.com/pcgi-bin/tablebuild.pl/wlan-sol-eng>
    http://www.cisco.com/pcgi-bin/tablebuild.pl/wlan-sol-eng (registered
    customers only). This patch is applicable to WLSE 1130 software releases
    2.0, 2.0.2 and 2.5.

    For HSE, users need to install the HSE-1.7.x-CSCsa11584.zip patch. The
    patch can be downloaded from
    <http://www.cisco.com/pcgi-bin/tablebuild.pl/1105-host-sol>
    http://www.cisco.com/pcgi-bin/tablebuild.pl/1105-host-sol (registered
    customers only). This patch is applicable to HSE 1105 for versions 1.7,
    1.7.1, 1.7.2, and 1.7.3.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:psirt@cisco.com> Cisco
    Systems Product Security Incident Response Team.

    The original article can be found at:
    <http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml>
    http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NT] Nullsoft Winamp 'in_mod.dll' Heap Overflow"

    Relevant Pages