Hackers from afar can mess around with Cisco's Aironet industrial and business Wi-Fi access points because the devices have flawed URL access controls, Cisco has warned customers.
The critical Aironet flaw has been assigned the identified CVE-2019-15260 and has a CVSS v3 score of 9.8 out of 10.
The bug affects several Aironet product lines, including access points for industrial customers. It can be exploited by a remote attacker without the correct credentials, who could then tamper with device settings with elevated privileges or view sensitive corporate information.
Cisco hasn't divulged much information about the flaw, but the company admits that affected Aironet Wi-Fi boxes don't currently implement sufficiently strong access controls for "certain URLs". The attacker could exploit the bug by requesting "specific URLs" from the affected access point.
If an attacker successfully exploits the flaw, they could change the device's network configuration, as well as potentially knock out the device and cause a denial of service on computer equipment connected to it.
"An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration," said Cisco.
Affected product lines include the Aironet 1540 series, 1560 series, 1800 series, 2800 series, 3800 series, and 4800 access points.
Cisco notes that there are no workarounds for this issue, so the only option to secure the devices is to install a fixed release.
Cisco also cautions customers that when attempting to install fixed software, they should treat the critical flaw as part of a collection of fixes.
This collection includes two more high-severity denial-of-service flaws affecting Aironet software – CVE-2019-15264 and CVE-2019-15261 – and one high-severity denial-of-service vulnerability, CVE-2019-15262, in the Secure Shell session management for the Cisco Wireless LAN Controller software.
At present Cisco isn't aware of any attempts to exploit the bugs and they were all discovered while Cisco was handling a customer-support query.