[ISN] Cisco warns of wireless security hole

From: InfoSec News (isn@private)
Date: Thu Apr 08 2004 - 07:05:28 PDT

  • Next message: InfoSec News: "[ISN] Microsoft takes security class on the road"

    http://www.nwfusion.com/news/2004/0407ciscowarns.html
    
    By Paul Roberts
    IDG News Service
    04/07/04
    
    Networking equipment maker Cisco is warning customers about a security
    hole in two products used to manage wireless LANs and e-business
    services in corporate data centers.
    
    The company said Wednesday that a user name and password coded into
    some versions of its Wireless LAN Solution Engine and Hosting Solution
    Engine software could give attackers complete control of the devices.  
    Attackers could use the default logins to hide rogue wireless access
    points on wireless LANs, create and modify user privileges or change
    configuration settings, Cisco said. The vulnerability affects versions
    2.0, 2.0.2 and 2.5 of the Wireless LAN Solution Engine (WLSE) and
    versions 1.7, 1.7.1, 1.7.2 and 1.7.3 of the Hosting Solution Engine
    (HSE). The San Jose company posted software patches on its Web site
    for both products.
    
    The WLSE product manages Cisco Aironet wireless LAN (WLAN)  
    infrastructures, tying together different Aironet products, such as
    wireless access points, and making it easier for administrators to
    deploy, monitor and configure the devices on their WLAN. The WLSE also
    has security features that can spot unauthorized, or "rogue," access
    points and applying wireless networking security polices to devices on
    the network, Cisco said.
    
    The HSE is a network management hardware appliance that uses the Cisco
    1140 platform. The product maps out and then monitors the performance
    and integrity e-business services in data centers that use Cisco
    products.
    
    A default user name and password combination were written, or "hard
    coded," into the software that runs on both devices and cannot be
    disabled. A malicious user who had the password would have complete
    control of the affected device, which could be used as a platform for
    further attacks, Cisco warned.
    
    For the WLSE, having the default user name and password would give the
    malicious user the ability to cause system-wide outages by changing
    the radio frequency used to send data over the WLAN, or secretly
    install an unauthorized access point that could be used to gather
    confidential information from the WLAN.
    
    For customers using the HSE, the default password could allow an
    attacker to redirect traffic from a Web site hosting e-business
    services, resulting in financial loss, Cisco said.
    
    Cisco said it is not aware of any attacks that use the hard-coded
    login information, but advised customers to install the appropriate
    software patch.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Thu Apr 08 2004 - 11:14:17 PDT