[ISN] Cisco warns of wireless security hole

From: InfoSec News (isn@private)
Date: Fri Dec 05 2003 - 01:04:43 PST

  • Next message: InfoSec News: "[ISN] Secunia Weekly Summary - Issue: 2003-49"

    http://www.nwfusion.com/news/2003/1203ciscowarns.html
    
    By Paul Roberts
    IDG News Service, 12/03/03
    
    Cisco is warning customers using its Aironet wireless access points 
    (AP) about a security vulnerability that could allow attackers to 
    obtain keys used to secure communications on wireless networks. 
    
    The vulnerability affects Aironet 1100, 1200 and 1400 series access 
    points and could allow Wired Equivalent Privacy (WEP) keys to be sent 
    as plain text over corporate networks that use an SNMP server and have 
    a specific option enabled on the access point, Cisco said. 
    
    SNMP is a network management protocol that allows companies to monitor 
    the operation of network devices using a central server and software 
    agents that track and report on the functioning of SNMP-compliant 
    devices. 
    
    To be vulnerable, organizations have to be using an affected Aironet 
    model with the IOS software, have an SNMP server deployed, be using 
    static WEP keys for encryption and have enabled an option on the AP 
    called "snmp-server enable traps wlan-wep." That option is disabled by 
    default on Aironet access points, Cisco said. 
    
    SNMP "traps" are alerts that devices create when notable events occur. 
    The wlan-wep trap notifies the SNMP server when events related to the 
    WEP keys occur, such as a change in the key value or a reboot of the 
    access point. Because of the security flaw, Aironet access points will 
    also transmit the values of any static WEP keys being used on the 
    network as clear text to the SNMP server in the trap message, Cisco 
    said. 
    
    An opportunistic attacker who could intercept the SNMP traffic would 
    obtain any WEP key values stored on the vulnerable access point and be 
    able to snoop on encrypted wireless communications on the network, the 
    company said. 
    
    Cisco issued a patch for vulnerable versions of the IOS software, 
    12.2(13)JA1 and recommended that customers obtain and install the 
    patch as soon as possible. 
    
    Customers unable to get the patch can disable the "snmp-server enable 
    traps wlan-wep" option or switch to another encryption method such as 
    Extensible Authentication Protocol, which Aironet APs support, but 
    which is not affected by the vulnerability, Cisco said. 
    
    The disclosure of a security problem with WEP follows other 
    high-visibility patches to the company's Aironet wireless products in 
    recent months. 
    
    In July, Cisco patched two holes in the Aironet 1100 series APs that 
    could allow an attacker to disable an Aironet access point in a 
    denial-of-service attack, or coax user account information out of the 
    device. 
    
    In August, the company also revealed that its Lightweight Extensible 
    Authentication Protocol encryption was vulnerable to so-called 
    "dictionary attacks," in which attackers use software programs to try 
    to guess user names and passwords through successive login attempts. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Dec 05 2003 - 03:37:51 PST