Cisco patches multiple vulnerabilities in wireless LAN controllers

Summary: The most severe bug affects Cisco's Aironet 1260, 2600, 3500 and 3600 access points, and could allow unauthorized parties to gain privileged access to the affected device.

Cisco has released patches and workarounds for 16 of its wireless products, removing several denial of service vulnerabilities and a bug that allowed unauthorized access to the system.

The most severe bug affects Cisco's Aironet access points – the Aironet 1260, 2600, 3500 and the 3600 – connected to the company's Wireless LAN Controller, and could allow unauthorized parties to gain privileged access to the affected device.

"An attacker could exploit this vulnerability by attempting to authenticate to an affected device using locally-stored credentials of the AP. A successful attack could allow an attacker to take complete control of the affected AP and make arbitrary changes to the configuration," said Cisco in its security bulletin.

Cisco goes on to say that "in many deployment scenarios, the locally-stored default AP username and password has not been changed from the factory default. In these zero-touch scenarios, the devices are designed to connect automatically to a WLC and download firmware and configurations."

Also patched were a raft of denial of service bugs, ranging from a vulnerability in the WebAuth feature to a vulnerability in the IGMP processing subsystem.

Further details, along with patches, are available from Cisco.



Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera. Adrian has authored/co-authored technic...
