Cisco Wireless Control System (WCS) contains multiple vulnerabilities which may allow a remote user to:
- access sensitive configuration information about access points managed by WCS
- read from and write to arbitrary files on a WCS system
- log in to a WCS system with a default administrator password
- execute script code in a WCS user's web browser
- access directories which may reveal sensitive WCS configuration information
There are workarounds for several, but not all, of these vulnerabilities. See the Workarounds section for more information. Cisco has made free software available to address these vulnerabilities for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml.