Feeds

Cisco fixes Aironet vuln

Firmware upgrade for IOS flavours

  • alert
  • submit to reddit

Boost IT visibility and business value

Cisco Systems yesterday released a fix for a security vulnerability affecting its Aironet 1100, 1200 and 1400 series wireless access points.

Vulnerable Cisco Aironet Access Points can be forced to crash and reboot on receipt of maliciously constructed traffic, security consulting firm VIGILANTe (which discovered the problem) warns. The flaw arises only when the HTTP server feature on access points is enabled. However there is no need to authenticate to perform this attack, only access to the web server is required.

Cisco has confirmed the flaw, acknowledging that repeated exploitation of the vulnerability could lead to prolonged Denial-of-Service attacks on vulnerable access points.

The networking giant says it has received no reports of malicious exploitati.

The vuln affects only IOS-based Cisco Aironet Wireless products, according to Cisco. VxWorks-based Cisco Aironet Wireless Devices are not affected. Cisco has released an advisory explaining how users can obtain a free firmware upgrade to non-vulnerable versions of IOS, and detailing workarounds involving setting up access control lists to defend against the threat.

VIGILANTe also released a second advisory yesterday involving a less serious information disclosure vulnerability concerning Cisco's access points. Malicious attackers able to Telnet into a vulnerable access point might be able to obtain a list of usernames (but not passwords). This information might then be used in subsequent attacks.

Cisco says this flaw is generic to IOS and is covered in a separate advisory here.

Users are advised to upgrade their software. In advance of applying a fix, admins might decide to disable Telnet access and use SSH instead as a workaround. ®

Boost IT visibility and business value

More from The Register

next story
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
Trying to sell your house? It'd better have KILLER mobile coverage
More NB than transport links to next-gen buyers - study
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.