CyberSec.Space Logo
CVEブラウザに戻る

CVE-2004-0391

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1010%
EPSS Percentile17.60th
Published2004年6月1日
Last Modified2026年4月16日

Vulnerability Description

Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration.

Affected Platforms (CPE)

📦
Cisco

Wireless Lan Solution Engine

= 2.0
📦
Cisco

Wireless Lan Solution Engine

= 2.1
📦
Cisco

Wireless Lan Solution Engine

= 2.2
📦
Cisco

Wireless Lan Solution Engine

= 2.3
📦
Cisco

Wireless Lan Solution Engine

= 2.4
📦
Cisco

Wireless Lan Solution Engine

= 2.5
🔌
Cisco

Hosting Solution Engine

= 1.7
🔌
Cisco

Hosting Solution Engine

= 1.7.0
🔌
Cisco

Hosting Solution Engine

= 1.7.1
🔌
Cisco

Hosting Solution Engine

= 1.7.2
🔌
Cisco

Hosting Solution Engine

= 1.7.3

References & Advisories

🔗 http://www.ciac.org/ciac/bulletins/o-111.shtml
🔗 http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml
🔗 http://www.kb.cert.org/vuls/id/659228
🔗 http://www.securityfocus.com/bid/10076
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/15773
🔗 http://www.ciac.org/ciac/bulletins/o-111.shtml
🔗 http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml
🔗 http://www.kb.cert.org/vuls/id/659228

関連する脆弱性情報

CVE-2007-538210.0

The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Contro...

CVE-2006-19617.5

Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registra...

CVE-2006-19605.8

Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLS...

CVE-2007-14673.5

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control S...