Hardcoded Credentials in Cisco Wireless and Hosting Solution Engines
CVE-2004-0391

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Lan Solution Engine
Vendor: CVE Published:; 1 June 2004

Summary

The Cisco Wireless LAN Solution Engine (WLSE) versions 2.0 through 2.5 and the Hosting Solution Engine (HSE) versions 1.7 through 1.7.3 are affected by a serious vulnerability due to hardcoded username and password combinations. This flaw enables remote attackers to gain unauthorized access to the systems, allowing them to add new users, modify existing users, and change crucial configuration settings without proper authorization. Organizations using these products should take immediate action to remediate this vulnerability to bolster their security posture.

References

http://www.ciac.org/ciac/bulletins/o-111.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

http://www.cisco.com/warp/public/707/cisco-sa-20040407-us...

vendor-advisoryx_refsource_CISCO

http://www.kb.cert.org/vuls/id/659228

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Jun 1, 2004
Vulnerability Reserved
Apr 9, 2004