Note: Cisco WCS software release 7.0 is not affected by this vulnerability. Cisco WCS version 7.0.164.0 (which is the first 7.0 version) already contains the fix for this vulnerability. Cisco WCS software releases prior to 6.0 are not affected by this vulnerability.
The version of WCS software installed on a particular device can be found via the Cisco WCS HTTP management interface. Choose Help > About the Software to obtain the software version.
Cisco WCS enables an administrator to configure and monitor one or more WLCs and associated access points.
A SQL injection vulnerability exists in Cisco WCS. Exploitation could allow an authenticated attacker to modify system configuration; create, modify and delete users; or modify the configuration of wireless devices managed by WCS.
This vulnerability is documented in Cisco bug ID CSCtf37019 ( registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-2826.
Read more about this field notice: