Cisco has published a security advisory reporting a vulnerability in the Cisco Wireless Location Appliance (WLA). The appliance uses a default password for the 'root' administrative account. A user who knows the password can log in and gain full control of the device.
As reported in the advisory, the default password is the same in all installations of the product prior to version 18.104.22.168 when shipped as part of a new product purchase. The vulnerability still exists on upgraded installations unless explicit steps have been taken to change the password after the initial installation of the product.
Cisco has issued a fix for version 22.214.171.124 and later. Installations upgraded from previous versions of the software will not prompt the user to change the root password during the upgrade, so change the root password if you have not already done so on a vulnerable version.
Cisco indicates that there have been several instances in which Cisco Wireless Location Appliances have been compromised due to this vulnerability.
Oct 14th 2006