CVE-2004-0391

Current Description

Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration.

Basic Data

PublishedJune 01, 2004
Last ModifiedJuly 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCiscoWireless Lan Solution Engine2.0*******
    2.3ApplicationCiscoWireless Lan Solution Engine2.1*******
    2.3ApplicationCiscoWireless Lan Solution Engine2.2*******
    2.3ApplicationCiscoWireless Lan Solution Engine2.3*******
    2.3ApplicationCiscoWireless Lan Solution Engine2.4*******
    2.3ApplicationCiscoWireless Lan Solution Engine2.5*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3HardwareCiscoHosting Solution Engine1.7*******
    2.3HardwareCiscoHosting Solution Engine1.7.0*******
    2.3HardwareCiscoHosting Solution Engine1.7.1*******
    2.3HardwareCiscoHosting Solution Engine1.7.2*******
    2.3HardwareCiscoHosting Solution Engine1.7.3*******

Vulnerable Software List

VendorProductVersions
Cisco Wireless Lan Solution Engine 2.0, 2.1, 2.2, 2.3, 2.4, 2.5
Cisco Hosting Solution Engine 1.7, 1.7.0, 1.7.1, 1.7.2, 1.7.3

References

NameSourceURLTags
O-111http://www.ciac.org/ciac/bulletins/o-111.shtmlCIACPATCH Vendor Advisory
20040407 A Default Username and Password in WLSE and HSE Deviceshttp://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtmlCISCOPATCH Vendor Advisory
VU#659228http://www.kb.cert.org/vuls/id/659228CERT-VNPATCH Third Party Advisory US Government Resource
10076http://www.securityfocus.com/bid/10076BID
cisco-default-password(15773)https://exchange.xforce.ibmcloud.com/vulnerabilities/15773XF