CVE-2004-0391

Description

Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration.

Affected products

• Cisco / hosting_solution_engine1.7 – 1.7
• Cisco / hosting_solution_engine1.7.0 – 1.7.0
• Cisco / hosting_solution_engine1.7.1 – 1.7.1
• Cisco / hosting_solution_engine1.7.2 – 1.7.2
• Cisco / hosting_solution_engine1.7.3 – 1.7.3
• Cisco / wireless_lan_solution_engine2.0 – 2.0
• Cisco / wireless_lan_solution_engine2.5 – 2.5
• Cisco / wireless_lan_solution_engine2.1 – 2.1
• Cisco / wireless_lan_solution_engine2.2 – 2.2
• Cisco / wireless_lan_solution_engine2.3 – 2.3
• Cisco / wireless_lan_solution_engine2.4 – 2.4

References

• MISChttp://www.ciac.org/ciac/bulletins/o-111.shtml
• VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml
• MISChttp://www.kb.cert.org/vuls/id/659228
• MISChttp://www.securityfocus.com/bid/10076
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/15773