Menu
Cisco fixes unauthorised access flaws in access points, wireless LAN controllers

Cisco fixes unauthorised access flaws in access points, wireless LAN controllers

The vulnerabilities could allow remote attackers to compromise the affected devices

Cisco Systems released critical security updates for several products, including access points and wireless LAN controllers, in order to fix vulnerabilities that could give remote attackers access to devices.

The Cisco Aironet 1830e, 1830i, 1850e and 1850i series access points contain a default account with a static password that attackers can use to gain unauthorized access, the company said in an advisory.

Fortunately, the account does not have administrative privileges, so the vulnerability is only rated as high impact instead of critical.

The same products are affected by a separate denial-of-service vulnerability that stems from improper input validation of IP packet headers.

Things are more serious with a vulnerability in Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later that can allow remote, unauthenticated attackers to change the configuration of devices and completely compromise them.

The affected devices are Cisco 2500, 5500, 8500 series Wireless Controllers, as well as Cisco Flex 7500 Series and Cisco Virtual Wireless Controllers. Modular controllers that run Cisco WLC software are also affected. These include Integrated Services Module 300, SRE 700, SRE 710, SRE 900, and SRE 910, as well as Cisco Wireless Services Module 2 (WiSM-2).

The Cisco Identity Services Engine versions prior to 2.0 also contained two unauthorized access vulnerabilities that have been patched. One of them is rated as medium and one as critical.

The critical flaw affects Cisco ISE devices running software versions 1.1 or later, 1.2.0 prior to patch 17, 1.2.1 prior to patch 8, 1.3 prior to patch 5, or 1.4 prior to patch 4. If left unpatched, it could allow remote, unauthenticated attackers to completely compromise the devices.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments