Reported April 7, 2004 by Cisco Systems.

 

 

VERSIONS AFFECTED

  • The affected software releases for Wireless LAN Solution Engine (WLSE) are 2.0, 2.0.2, and 2.5.

  • The affected software releases for Hosting Solution Engine (HSE) are 1.7, 1.7.1, 1.7.2, and 1.7.3.

DESCRIPTION

 

A default username and password pair exists in all releases of Cisco Systems' WLSE and HSE software. A user who logs in using the default username has complete control of the device. You can't disable this username, and no workaround exists.

 

VENDOR RESPONSE

 

The vendor, Cisco Systems, has issued a bulletin regarding this vulnerability.

 

CREDIT

 

Discovered by Cisco Systems.