Menu
Cisco fixes unauthorised access flaws in access points, wireless LAN controllers

Cisco fixes unauthorised access flaws in access points, wireless LAN controllers

The vulnerabilities could allow remote attackers to compromise the affected devices

Cisco Systems released critical security updates for several products, including access points and wireless LAN controllers, in order to fix vulnerabilities that could give remote attackers access to devices.

The Cisco Aironet 1830e, 1830i, 1850e and 1850i series access points contain a default account with a static password that attackers can use to gain unauthorized access, the company said in an advisory.

Fortunately, the account does not have administrative privileges, so the vulnerability is only rated as high impact instead of critical.

The same products are affected by a separate denial-of-service vulnerability that stems from improper input validation of IP packet headers.

Things are more serious with a vulnerability in Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later that can allow remote, unauthenticated attackers to change the configuration of devices and completely compromise them.

The affected devices are Cisco 2500, 5500, 8500 series Wireless Controllers, as well as Cisco Flex 7500 Series and Cisco Virtual Wireless Controllers. Modular controllers that run Cisco WLC software are also affected. These include Integrated Services Module 300, SRE 700, SRE 710, SRE 900, and SRE 910, as well as Cisco Wireless Services Module 2 (WiSM-2).

The Cisco Identity Services Engine versions prior to 2.0 also contained two unauthorized access vulnerabilities that have been patched. One of them is rated as medium and one as critical.

The critical flaw affects Cisco ISE devices running software versions 1.1 or later, 1.2.0 prior to patch 17, 1.2.1 prior to patch 8, 1.3 prior to patch 5, or 1.4 prior to patch 4. If left unpatched, it could allow remote, unauthenticated attackers to completely compromise the devices.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
Show Comments