Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!
Register | Login
RIAA News
Cool Stuff
MPAA News
Games / Consoles
News
Music
Movies
TV
Open Source
Mobiles
Advertising
Product News
P2P
Off Topic
Freedom
Politics
Interviews
Security
DRM
Links
Kids and Kartels
Search: 
Search
 
Web P2PNET   
   Search: 
Search
Torrent Site Tracker
TekSavvy
 
Add real-time p2pnet headlines to YOUR site ! Click here to download our newsfeed code

Serious Cisco WLAN security flaw

p2pnet.net News:- Cisco Systems says a hardcoded username and password pair in all releases of Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software will allow a hacker to gain complete control of a system.

“This username cannot be disabled,” warns Cisco. “There is no workaround.”

Anyone who logs in using this username gets complete control of the device and can add new users or modify details of existing users, and change the device’s configuration, says Cisco.

For WLSE, an adversary can hide the presence of a rogue Access Point or change the Radio Frequency plan, potentially causing system-wide outages. The first action may cause long term loss of information confidentiality and integrity. The second action can yield Denial-of-Service (DOS).

For HSE, this may lead up to illegal re-directing of a Web site with the ultimate loss of revenue, says Cisco, going on:

“In both cases the device itself may be used as a launching platform for further attacks. Such attacks could be directed at your organization, or towards a third party.”

Affected releases for HSE are 1.7, 1.7.1, 1.7.2 and 1.7.3.

The vulnerability is documented in the Cisco Bug Toolkit as Bug ID CSCsa11583 (registered customers only) for the WLSE and CSCsa11584 (registered customers only) for the HSE, says the company.

CiscoWorks WLSE provides centralized management for the Cisco Wireless LAN infrastructure. It unifies the other components in the solution and actively employs them to provide continual “Air/RF” monitoring, network security, and optimization. The CiscoWorks WLSE also assists network managers by automating and simplifying mass configuration deployment, fault monitoring and alerting.

Cisco Hosting Solution Engine is a hardware-based solution to monitor and activate a variety of e-business services in Cisco powered data centers. It provides fault and performance information about the Layer 2-3 hosting infrastructure and Layer 4-7 hosted services.

This entry was posted on Thursday, April 8th, 2004 at 11:47 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 1510 times

« previous Ballmer finesses MS security probs
Labels debate download price hike next »

One Response to “Serious Cisco WLAN security flaw”

  1. Reader's Write Says:
    April 9th, 2004 at 2:26 am

    God, doesn’t any company know what QA is any more?

Leave a Reply

Please no Spam, flaming (attacking others), trolling, and posting off-topic. Thanks.

    Advertisements
MP3Rocket


Remove Spyware with AntiSpyware for Windows®