Cisco fixes Aironet vuln

Firmware upgrade for IOS flavours

Cisco Systems yesterday released a fix for a security vulnerability affecting its Aironet 1100, 1200 and 1400 series wireless access points.

Vulnerable Cisco Aironet Access Points can be forced to crash and reboot on receipt of maliciously constructed traffic, security consulting firm VIGILANTe (which discovered the problem) warns. The flaw arises only when the HTTP server feature on access points is enabled. However, no authentication is needed to perform this attack; only access to the web server is required.

Cisco has confirmed the flaw, acknowledging that repeated exploitation of the vulnerability could lead to prolonged Denial-of-Service attacks on vulnerable access points.

The networking giant says it has received no reports of malicious exploitation.

The vuln affects only IOS-based Cisco Aironet Wireless products, according to Cisco. VxWorks-based Cisco Aironet Wireless Devices are not affected. Cisco has released an advisory explaining how users can obtain a free firmware upgrade to non-vulnerable versions of IOS, and detailing workarounds involving setting up access control lists to defend against the threat.

VIGILANTe also released a second advisory yesterday involving a less serious information disclosure vulnerability concerning Cisco's access points. Malicious attackers able to Telnet into a vulnerable access point might be able to obtain a list of usernames (but not passwords). This information might then be used in subsequent attacks.

Cisco says this flaw is generic to IOS and is covered in a separate advisory here.

Users are advised to upgrade their software. In advance of applying a fix, admins might decide to disable Telnet access and use SSH instead as a workaround. ®
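
The two exposures described above (an HTTP server reachable without restriction, and Telnet allowed on the VTY lines) can be checked in a saved configuration. The script below is an added example, not code from Cisco, VIGILANTe or this article; it assumes the standard IOS commands `ip http server`, `ip http access-class` and `transport input`, and the sample configuration is constructed.

```python
# Constructed sample running-config (not from the article or any real device).
SAMPLE_CONFIG = """\
hostname ap-lab-1
ip http server
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def audit_ios_config(text):
    """Return findings for the HTTP-server and Telnet exposures."""
    findings = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    top = [ln for ln in lines if ln and not ln.startswith(" ")]

    # HTTP server: the crash needs only unauthenticated access to it.
    http_on = "ip http server" in top
    acl = next((ln.split()[-1] for ln in top
                if ln.startswith("ip http access-class ")), None)
    if http_on and acl is None:
        findings.append("http: server enabled with no access-class restriction")
    elif http_on:
        findings.append(f"http: server enabled, restricted by ACL {acl}")

    # VTY lines: record each block's 'transport input' setting.
    block, vty = None, {}
    for ln in lines:
        if not ln.startswith(" "):
            block = ln if ln.startswith("line vty") else None
            if block:
                vty[block] = None
        elif block and ln.strip().startswith("transport input "):
            vty[block] = ln.split()[2:]
    for name, protos in vty.items():
        # Assumption: with no explicit setting, Telnet may still be allowed.
        if protos is None:
            findings.append(f"{name}: no transport input set, verify Telnet is off")
        elif "telnet" in protos or "all" in protos:
            findings.append(f"{name}: Telnet permitted")
    return findings

if __name__ == "__main__":
    for finding in audit_ios_config(SAMPLE_CONFIG):
        print(finding)
```

An empty result means neither exposure was found in the text supplied; it does not confirm that the running IOS version is a fixed one.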
