Cisco's third hole reported within two weeks has no patch; Firewall and IOS holes are patched
(Posted by Cisco Subnet editor Julie Bort while Jim Duffy is on vacation.) Researchers have discovered that some of Cisco’s wireless access points could allow a hacker to redirect traffic outside the enterprise or even barrel through to get access to the corporate network. Cisco has more-or-less downplayed the hole, sending out a security “alert” in which it rates the threat as moderate, but not an official security “advisory.”
The issue stems from the way that new Cisco APs are added to a network, according to the security research company that discovered the holes, AirMagnet. Cisco offered this description:
“At startup, lightweight wireless access points without a configuration use over-the-air provisioning (OTAP) to seek out and associate with a Cisco Wireless LAN Controller … Devices without preconfigured controller lists or LSCs have no method of distinguishing valid controllers from malicious ones.”
Cisco downplayed the threat by saying that administrators may configure access points with a preferred controller list that will bypass the OTAP provisioning process. The company said that it has confirmed that this vulnerability is valid at a proof-of-concept level. It does not yet have a patch available.
This is the third vulnerability reported for Cisco products in the past two weeks. Last week, the company patched a vulnerability in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, specially crafted ICMP messages, Cisco said. The company said it has not seen any instances of exploitation in the wild.
Likewise, Cisco issued a patch last week for three holes in its IOS XR Software Border Gateway Protocol. These are different vulnerabilities than were patched last month. The holes could cause a BGP peering session to reset or could cause BGP to crash.
More from Cisco Subnet:
Win great stuff from Cisco SubnetCisco Alert newsletter. Like RSS readers? Subscribe to the Cisco Subnet RSS feedFollow Cisco Subnet on Twitter.
- Juniper’s enterprise attack is making progress
- 100G Ethernet races to market
- Are HP, 3Com a better value than Cisco?
- When the compliance officer comes calling … hide the VMotion
- New features can open up Cisco IOS to hackers
- It’s Really Only Partly Cloudy Out There
- One Cool ISO: Fully Automated Nagios
- Video rental records more private than cloud data
Like e-mail? Subscribe to the




