http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=219401274 By Tim Wilson DarkReading Aug 24, 2009 A flaw in the provisioning system used by Cisco wireless LANs could allow attackers to collect data about users' wired networks or even gain access to WLAN-attached systems, researchers said today. Researchers at AirMagnet's Intrusion Research Team say they have uncovered a security vulnerability in Cisco's Over-The-Air-Provisioning (OTAP), a feature that helps users deploy wireless access points (APs). The potential exploit -- which AirMagnet has dubbed SkyJack -- makes it possible for others to gain control of a Cisco AP, intentionally or unintentionally. The Cisco OTAP feature allows a Cisco AP to "listen" to traffic from nearby Cisco APs and use that information to quickly locate a nearby WLAN controller on the network. However, this feature may cause unintentional exposure or leakage of network information in all lightweight Cisco APs, AirMagnet says. If the OTAP feature is not turned off, it is possible for APs to be incorrectly assigned to an outside Cisco controller -- a.k.a. SkyJacked -- either by accident or at the direction of a potential hacker, AirMagnet says. [...] ________________________________________ Subscribe to InfoSec News http://www.infosecnews.orgReceived on Mon Aug 24 2009 - 22:38:21 PDT
This archive was generated by hypermail 2.2.0 : Mon Aug 24 2009 - 22:53:58 PDT