U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:h:cisco:wireless_control_system:3.2\(51\):*:*:*:*:*:*:*
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2007-2033

Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596.

Published: April 16, 2007; 5:19:00 PM -0400 		V3.x:(not available)
 V2.0: 6.5 MEDIUM
CVE-2007-2034

Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190.

Published: April 16, 2007; 5:19:00 PM -0400 		V3.x:(not available)
 V2.0: 9.0 HIGH
CVE-2007-2035

Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301.

Published: April 16, 2007; 5:19:00 PM -0400 		V3.x:(not available)
 V2.0: 7.8 HIGH
CVE-2006-3286

The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951).

Published: June 28, 2006; 7:05:00 PM -0400 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2006-3287

Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391).

Published: June 28, 2006; 7:05:00 PM -0400 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2006-3288

Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors.

Published: June 28, 2006; 7:05:00 PM -0400 		V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2006-3289

Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".

Published: June 28, 2006; 7:05:00 PM -0400 		V3.x:(not available)
 V2.0: 2.6 LOW
CVE-2006-3290

HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.

Published: June 28, 2006; 7:05:00 PM -0400 		V3.x:(not available)
 V2.0: 5.0 MEDIUM