
SANS ISC: Cisco Security Advisory: Default Password in Wireless Location Appliance SANS ISC InfoSec Forums

Cisco Security Advisory: Default Password in Wireless Location Appliance
Cisco previously published a security advisory reporting a vulnerability in the Cisco Wireless Location Appliance (WLA). The appliance uses a default password for the 'root' administrative account. A user with knowledge of the password can log in and gain full control of the device.

As reported in the advisory, the default password is the same in all installations of the product prior to version 2.1.34.0 when shipped as part of a new product purchase. The vulnerability still exists on upgraded installations unless explicit steps have been taken to change the password after the initial installation of the product.

Cisco has issued a fix in version 2.1.34.0 and later. Previous versions of the software that have been upgraded will not prompt the user to change the password for the root user during the upgrade. So change the root password if you have not already done so on a vulnerable version.

Cisco indicates that there have been several instances in which Cisco Wireless Location Appliances have been compromised due to this vulnerability.

http://www.cisco.com/warp/public/707/cisco-sa-20061012-wla.shtml

Koon Yaw
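
The point about upgraded installations means a version check alone does not clear a device. The following triage sketch is an added example, not part of the diary or of Cisco's advisory; the inventory record, its field names and the sample devices are assumptions, and only the 2.1.34.0 threshold comes from the text above.

```python
from dataclasses import dataclass
from typing import Optional

FIXED = (2, 1, 34, 0)  # first fixed release named in the advisory

def parse_version(text):
    """Turn '2.1.34.0' into a comparable tuple, padded to four fields."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))

@dataclass
class Appliance:                  # hypothetical inventory record
    name: str
    running: str                  # software version running now
    installed_as: Optional[str]   # version at initial install, None if unknown
    root_password_changed: bool   # confirmed by the administrator

def assess(a):
    if a.root_password_changed:
        return "ok: root password changed"
    if parse_version(a.running) < FIXED:
        return "at risk: pre-fix release, default root password"
    # A fixed release is not enough: the upgrade does not prompt for a change.
    # An unknown install history is treated as an upgrade (conservative).
    if a.installed_as is None or parse_version(a.installed_as) < FIXED:
        return "at risk: upgraded install, root password never changed"
    return "not flagged: installed new at a fixed release"

def triage(inventory):
    return {a.name: assess(a) for a in inventory}

# Constructed sample inventory (not real devices or real release numbers,
# apart from 2.1.34.0).
SAMPLE = [
    Appliance("wla-lab", "2.0.48.0", "2.0.48.0", False),
    Appliance("wla-hq", "2.1.34.0", "2.0.48.0", False),
    Appliance("wla-dc", "2.1.34.0", None, False),
    Appliance("wla-branch", "2.1.34.0", "2.0.48.0", True),
    Appliance("wla-new", "2.1.34.0", "2.1.34.0", False),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {status}")
```
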
