Menu
Cisco fixes unauthorised access flaws in access points, wireless LAN controllers

Cisco fixes unauthorised access flaws in access points, wireless LAN controllers

The vulnerabilities could allow remote attackers to compromise the affected devices

Cisco Systems released critical security updates for several products, including access points and wireless LAN controllers, in order to fix vulnerabilities that could give remote attackers access to devices.

The Cisco Aironet 1830e, 1830i, 1850e and 1850i series access points contain a default account with a static password that attackers can use to gain unauthorized access, the company said in an advisory.

Fortunately, the account does not have administrative privileges, so the vulnerability is only rated as high impact instead of critical.

The same products are affected by a separate denial-of-service vulnerability that stems from improper input validation of IP packet headers.

Things are more serious with a vulnerability in Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later that can allow remote, unauthenticated attackers to change the configuration of devices and completely compromise them.

The affected devices are Cisco 2500, 5500, 8500 series Wireless Controllers, as well as Cisco Flex 7500 Series and Cisco Virtual Wireless Controllers. Modular controllers that run Cisco WLC software are also affected. These include Integrated Services Module 300, SRE 700, SRE 710, SRE 900, and SRE 910, as well as Cisco Wireless Services Module 2 (WiSM-2).

The Cisco Identity Services Engine versions prior to 2.0 also contained two unauthorized access vulnerabilities that have been patched. One of them is rated as medium and one as critical.

The critical flaw affects Cisco ISE devices running software versions 1.1 or later, 1.2.0 prior to patch 17, 1.2.1 prior to patch 8, 1.3 prior to patch 5, or 1.4 prior to patch 4. If left unpatched, it could allow remote, unauthenticated attackers to completely compromise the devices.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments