Sign-up

ID

VAR-200406-0041


CVE

CVE-2004-0391


TITLE

Cisco WLSE and HSE devices contain hardcoded username and password

Trust: 0.8

sources: CERT/CC: VU#659228

DESCRIPTION

Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration. A default account with a common username and password exists in two Cisco products. An attacker with knowledge of this account information can compromise any of these devices on the network. If logged in with the default credentials, an attacker can gain complete control over a device. Successful exploitation could allow an attacker to gain access to sensitive data, compromise network integrity and confidentiality, cause denial of service attacks and use the devices to launch various attacks against other networks. CiscoWorks WLSE provides centralized Cisco wireless LAN infrastructure management

Trust: 2.7

sources: NVD: CVE-2004-0391 // CERT/CC: VU#659228 // JVNDB: JVNDB-2004-000938 // BID: 10076 // VULHUB: VHN-8821

AFFECTED PRODUCTS

vendor:ciscomodel:wireless lan solution enginescope:eqversion:2.0

Trust: 1.6

vendor:ciscomodel:wireless lan solution enginescope:eqversion:2.1

Trust: 1.6

vendor:ciscomodel:hosting solution enginescope:eqversion:1.7

Trust: 1.6

vendor:ciscomodel:wireless lan solution enginescope:eqversion:2.3

Trust: 1.6

vendor:ciscomodel:hosting solution enginescope:eqversion:1.7.1

Trust: 1.6

vendor:ciscomodel:wireless lan solution enginescope:eqversion:2.4

Trust: 1.6

vendor:ciscomodel:wireless lan solution enginescope:eqversion:2.5

Trust: 1.6

vendor:ciscomodel:hosting solution enginescope:eqversion:1.7.0

Trust: 1.6

vendor:ciscomodel:hosting solution enginescope:eqversion:1.7.2

Trust: 1.6

vendor:ciscomodel:wireless lan solution enginescope:eqversion:2.2

Trust: 1.6

vendor:ciscomodel:hosting solution enginescope:eqversion:1.7.3

Trust: 1.0

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ciscoworks host solution enginescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ciscoworks wireless lan solution enginescope:eqversion:2.2

Trust: 0.8

vendor:シスコシステムズmodel:ciscoworks wireless lan solution enginescope:eqversion:2.3

Trust: 0.8

vendor:シスコシステムズmodel:ciscoworks wireless lan solution enginescope:eqversion:2.1

Trust: 0.8

vendor:シスコシステムズmodel:ciscoworks wireless lan solution enginescope:eqversion:2.0

Trust: 0.8

vendor:シスコシステムズmodel:ciscoworks wireless lan solution enginescope:eqversion:2.4

Trust: 0.8

vendor:シスコシステムズmodel:ciscoworks wireless lan solution enginescope:eqversion:2.5

Trust: 0.8

vendor:ciscomodel:wireless lan solution enginescope:eqversion:11302.0.5

Trust: 0.3

vendor:ciscomodel:wireless lan solution enginescope:eqversion:11302.0.2

Trust: 0.3

vendor:ciscomodel:wireless lan solution enginescope:eqversion:11302.0

Trust: 0.3

vendor:ciscomodel:wireless lan solution enginescope:eqversion:11052.5

Trust: 0.3

vendor:ciscomodel:wireless lan solution enginescope:eqversion:11052.0.2

Trust: 0.3

vendor:ciscomodel:wireless lan solution enginescope:eqversion:11052.0

Trust: 0.3

vendor:ciscomodel:hosting solution enginescope:eqversion:11051.7.3

Trust: 0.3

vendor:ciscomodel:hosting solution enginescope:eqversion:11051.7.2

Trust: 0.3

vendor:ciscomodel:hosting solution enginescope:eqversion:11051.7.1

Trust: 0.3

vendor:ciscomodel:hosting solution enginescope:eqversion:11051.7

Trust: 0.3

sources: CERT/CC: VU#659228 // BID: 10076 // JVNDB: JVNDB-2004-000938 // CNNVD: CNNVD-200406-013 // NVD: CVE-2004-0391

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0391
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#659228
value: 18.23

Trust: 0.8

NVD: CVE-2004-0391
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200406-013
value: CRITICAL

Trust: 0.6

VULHUB: VHN-8821
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-0391
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8821
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#659228 // VULHUB: VHN-8821 // JVNDB: JVNDB-2004-000938 // CNNVD: CNNVD-200406-013 // NVD: CVE-2004-0391

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000938 // NVD: CVE-2004-0391

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200406-013

TYPE

Design Error

Trust: 0.9

sources: BID: 10076 // CNNVD: CNNVD-200406-013

PATCH

title:CiscoWorks Wireless LAN Solution Engine (WLSE)url:https://www.cisco.com/c/en/us/obsolete/cloud-systems-management/ciscoworks-wireless-lan-solution-engine-wlse.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000938

EXTERNAL IDS

db:CERT/CCid:VU#659228

Trust: 3.3

db:NVDid:CVE-2004-0391

Trust: 3.3

db:BIDid:10076

Trust: 2.8

db:JVNDBid:JVNDB-2004-000938

Trust: 0.8

db:CNNVDid:CNNVD-200406-013

Trust: 0.7

db:XFid:15773

Trust: 0.6

db:CIACid:O-111

Trust: 0.6

db:CISCOid:20040407 A DEFAULT USERNAME AND PASSWORD IN WLSE AND HSE DEVICES

Trust: 0.6

db:VULHUBid:VHN-8821

Trust: 0.1

sources: CERT/CC: VU#659228 // VULHUB: VHN-8821 // BID: 10076 // JVNDB: JVNDB-2004-000938 // CNNVD: CNNVD-200406-013 // NVD: CVE-2004-0391

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml

Trust: 2.8

url:http://www.securityfocus.com/bid/10076

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/659228

Trust: 2.5

url:http://www.ciac.org/ciac/bulletins/o-111.shtml

Trust: 2.5

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15773

Trust: 1.9

url:about vulnerability notes

Trust: 0.8

url:contact us about this vulnerability

Trust: 0.8

url:provide a vendor statement

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2004-0391

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/15773

Trust: 0.6

sources: CERT/CC: VU#659228 // VULHUB: VHN-8821 // BID: 10076 // JVNDB: JVNDB-2004-000938 // CNNVD: CNNVD-200406-013 // NVD: CVE-2004-0391

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200406-013

SOURCES

db:CERT/CCid:VU#659228
db:VULHUBid:VHN-8821
db:BIDid:10076
db:JVNDBid:JVNDB-2004-000938
db:CNNVDid:CNNVD-200406-013
db:NVDid:CVE-2004-0391

LAST UPDATE DATE

2024-08-14T14:59:25.605000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#659228date:2004-04-23T00:00:00
db:VULHUBid:VHN-8821date:2017-07-11T00:00:00
db:BIDid:10076date:2004-04-07T00:00:00
db:JVNDBid:JVNDB-2004-000938date:2024-06-07T09:02:00
db:CNNVDid:CNNVD-200406-013date:2005-10-20T00:00:00
db:NVDid:CVE-2004-0391date:2017-07-11T01:30:07.603

SOURCES RELEASE DATE

db:CERT/CCid:VU#659228date:2004-04-07T00:00:00
db:VULHUBid:VHN-8821date:2004-06-01T00:00:00
db:BIDid:10076date:2004-04-07T00:00:00
db:JVNDBid:JVNDB-2004-000938date:2024-06-07T00:00:00
db:CNNVDid:CNNVD-200406-013date:2004-04-07T00:00:00
db:NVDid:CVE-2004-0391date:2004-06-01T04:00:00