[ISN] Cisco flaw puts Wi-Fi networks at risk

From: InfoSec News (isn@private)
Date: Thu Nov 03 2005 - 06:42:41 PST


http://news.com.com/Cisco+flaw+puts+Wi-Fi+networks+at+risk/2100-7349_3-5929059.html

By Joris Evers 
Staff Writer, CNET News.com
November 2, 2005

A security bug in Cisco Systems' wireless LAN controllers could enable
an attacker to send malicious traffic to a secured Wi-Fi network.

The problem affects large Wi-Fi networks, not the average home
installation. It occurs when Cisco 1200, 1131 and 1240 series Wi-Fi
access points are controlled by Cisco 2000 and 4400 series Airespace
Wireless LAN Controllers, according to a security advisory released
Wednesday by the networking equipment maker.

Wi-Fi access points are the devices that let people connect to
wireless service. Controllers are used by operators of large Wi-Fi
networks, which typically include many access points, to centrally
control functions such as security policies, intrusion prevention and
radio frequency management.

The security problem affects only Wi-Fi installations that use the
2000 and 4400 controllers, Cisco said. Access points that do not link
to those model systems are not affected, it added.

The access points, even when configured to handle encrypted network
traffic only, may accept unencrypted incoming traffic, according to
Cisco. An attacker could exploit the flaw to send malicious traffic to
a wireless network that is designed to be secure, the company said. It
could also allow unauthorized access.

A successful attack would require the attacker to use the hardware
address--known as the Media Access Control number--of a device already
authenticated to the network, mitigating the risk of an attack.

Cisco has a software update available for the WLAN controller to fix
the vulnerability. The flaw is rated a "moderate risk" by the French
Security Incident Response Team, FrSIRT, a security monitoring and
research firm.

The news of the Wi-Fi security flaw comes a day after Cisco reported a
security issue related to its intrusion prevention system, or IPS,
security software. The problem exists because of an error in the
configuration file of Cisco's Internetwork Operating System IPS, the
company said in an advisory.

At risk are installations of the Cisco IPS configured by version 2.1
of the IPS Management Center, Cisco said. The flaw might result in an
incomplete analysis of network traffic secured by the Cisco IOS IPS
device, which could allow some attacks to go unnoticed, according to
Cisco. The flaw is also rated "moderate" risk by FrSIRT.



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Thu Nov 03 2005 - 07:06:07 PST