Hackers from afar can mess around with Cisco's Aironet industrial and business Wi-Fi access points because the devices have flawed URL access controls, Cisco has warned customers.
The critical Aironet flaw has been assigned the identified CVE-2019-15260 and has a CVSS v3 score of 9.8 out of 10.
The bug affects several Aironet product lines, including access points for industrial customers. It can be exploited by a remote attacker without the correct credentials, who could then tamper with device settings with elevated privileges or view sensitive corporate information.
Cisco hasn't divulged much information about the flaw, but the company admits that affected Aironet Wi-Fi boxes don't currently implement sufficiently strong access controls for "certain URLs". The attacker could exploit the bug by requesting "specific URLs" from the affected access point.
If an attacker successfully exploits the flaw, they could change the device's network configuration, as well as potentially knock out the device and cause a denial of service on computer equipment connected to it.
"An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration," said Cisco.
Affected product lines include the Aironet 1540 series, 1560 series, 1800 series, 2800 series, 3800 series, and 4800 access points.
Cisco notes that there are no workarounds for this issue, so the only option to secure the devices is to install a fixed release.
Cisco also cautions customers that when attempting to install fixed software, they should treat the critical flaw as part of a collection of fixes.
This collection includes two more high-severity denial-of-service flaws affecting Aironet software – CVE-2019-15264 and CVE-2019-15261 – and one high-severity denial-of-service vulnerability, CVE-2019-15262, in the Secure Shell session management for the Cisco Wireless LAN Controller software.
At present Cisco isn't aware of any attempts to exploit the bugs and they were all discovered while Cisco was handling a customer-support query.
More on Cisco and networking securityCisco warning: These routers running IOS have 9.9/10-severity security flaw
Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw
Seriously? Cisco put Huawei X.509 certificates and keys into its own switchesNew Cisco critical bugs: 9.8/10-severity Nexus security flaws need urgent updateCisco critical-flaw warning: These two bugs in our data-center gear need patching now
Cisco alert: Patch this dangerous bug open to remote attacks via malicious adsThrangrycat flaw lets attackers plant persistent backdoors on Cisco gearCisco's warning: Patch now, critical SSH flaw affects Nexus 9000 fabric switchesCisco warns over critical router flawCisco: These are the flaws DNS hijackers are using in their attacksCisco bungled RV320/RV325 patches, routers still exposed to hacksCisco tells Nexus switch owners to disable POAP feature for security reasonsCisco: Patch routers now against massive 9.8/10-severity security holeHow to improve cybersecurity for your business: 6 tips TechRepublicNew cybersecurity tool lets companies Google their systems for hackers CNET