Vulnerability Description
Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Wireless Lan Solution Engine | 2.0 |
| Cisco | Hosting Solution Engine | 1.7 |
References
- http://www.ciac.org/ciac/bulletins/o-111.shtmlPatchVendor Advisory
- http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/659228PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/10076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15773
- http://www.ciac.org/ciac/bulletins/o-111.shtmlPatchVendor Advisory
- http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/659228PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/10076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15773
FAQ
What is CVE-2004-0391?
CVE-2004-0391 is a vulnerability with a CVSS score of 10.0 (HIGH). Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, mo...
How severe is CVE-2004-0391?
CVE-2004-0391 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0391?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wireless Lan Solution Engine, Cisco Hosting Solution Engine.