Menu
Cisco fixes unauthorised access flaws in access points, wireless LAN controllers

Cisco fixes unauthorised access flaws in access points, wireless LAN controllers

The vulnerabilities could allow remote attackers to compromise the affected devices

Cisco Systems released critical security updates for several products, including access points and wireless LAN controllers, in order to fix vulnerabilities that could give remote attackers access to devices.

The Cisco Aironet 1830e, 1830i, 1850e and 1850i series access points contain a default account with a static password that attackers can use to gain unauthorized access, the company said in an advisory.

Fortunately, the account does not have administrative privileges, so the vulnerability is only rated as high impact instead of critical.

The same products are affected by a separate denial-of-service vulnerability that stems from improper input validation of IP packet headers.

Things are more serious with a vulnerability in Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later that can allow remote, unauthenticated attackers to change the configuration of devices and completely compromise them.

The affected devices are Cisco 2500, 5500, 8500 series Wireless Controllers, as well as Cisco Flex 7500 Series and Cisco Virtual Wireless Controllers. Modular controllers that run Cisco WLC software are also affected. These include Integrated Services Module 300, SRE 700, SRE 710, SRE 900, and SRE 910, as well as Cisco Wireless Services Module 2 (WiSM-2).

The Cisco Identity Services Engine versions prior to 2.0 also contained two unauthorized access vulnerabilities that have been patched. One of them is rated as medium and one as critical.

The critical flaw affects Cisco ISE devices running software versions 1.1 or later, 1.2.0 prior to patch 17, 1.2.1 prior to patch 8, 1.3 prior to patch 5, or 1.4 prior to patch 4. If left unpatched, it could allow remote, unauthenticated attackers to completely compromise the devices.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments