Cisco fixes Aironet vuln

Cisco Systems yesterday released a fix for a security vulnerability affecting its Aironet 1100, 1200 and 1400 series wireless access points.

Vulnerable Cisco Aironet Access Points can be forced to crash and reboot on receipt of maliciously constructed traffic, security consulting firm VIGILANTe (which discovered the problem) warns. The flaw arises only when the HTTP server feature on access points is enabled. However there is no need to authenticate to perform this attack, only access to the web server is required.

Cisco has confirmed the flaw, acknowledging that repeated exploitation of the vulnerability could lead to prolonged Denial-of-Service attacks on vulnerable access points.

The networking giant says it has received no reports of malicious exploitati.

The vuln affects only IOS-based Cisco Aironet Wireless products, according to Cisco. VxWorks-based Cisco Aironet Wireless Devices are not affected. Cisco has released an advisory explaining how users can obtain a free firmware upgrade to non-vulnerable versions of IOS, and detailing workarounds involving setting up access control lists to defend against the threat.

VIGILANTe also released a second advisory yesterday involving a less serious information disclosure vulnerability concerning Cisco's access points. Malicious attackers able to Telnet into a vulnerable access point might be able to obtain a list of usernames (but not passwords). This information might then be used in subsequent attacks.

Cisco says this flaw is generic to IOS and is covered in a separate advisory here.

Users are advised to upgrade their software. In advance of applying a fix, admins might decide to disable Telnet access and use SSH instead as a workaround. ®