Cisco bug could put hackers in driver's seat

By Steven
in Back Page News

 Share

Recommended Posts

Grand Master

Steven

Posted
Posted

Cisco bug could put hackers in driver's seat

Last modified: April 8, 2004, 8:30 AM PDT

By Marguerite Reardon

Staff Writer, CNET News.com

Networking giant Cisco Systems warned customers on Wednesday about a security flaw that could compromise two products used to manage wireless local area network devices and data center switches.

The company said in the warning posted on its Web site that a preset username and password coded into its Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) could give attackers complete control of the devices. Attackers could use this control to add new users, modify details of existing users or even change the device's configuration, the company said.

WLSE is software that manages Cisco Aironet Wi-Fi products such as the wireless access points. The product simplifies the configuration and monitoring of the Aironet devices. It also has security features that can detect unauthorized or rogue access points. If an attacker is able to control this management tool, he or she could hide the presence of a rogue access point or change the radio frequency plan, potentially causing systemwide outages.

The HSE is an appliance that manages data center network infrastructure, such as switches that balance loads across e-business servers. The product allows authorized users to remotely monitor, activate and configure services and devices, even through firewalls. The security hole could allow attackers who gain access to the device to use it as a launching platform to redirect traffic coming into or out of the data center. Ultimately, this could result in network downtime and revenue loss.

The vulnerability affects WLSE versions 2.0, 2.0.2 and 2.5 and HSE versions 1.7 through 1.7.3. Cisco said there is no way to work around the problem and that it is urging customers to download software patches it has posted on its Web site.

Cisco said it isn't aware of any attacks that use the hard-coded log-in information.

Cisco's wireless products have been the subject of several security warnings over the past year. In December, the company warned that some of its Aironet wireless access points were transmitting security keys over the air in unencrypted text, meaning that an eavesdropper could intercept them. With the keys, an attacker could easily break the encryption protecting Wi-Fi transmissions.

Back in July, the company discovered two other flaws that potentially compromised some access points. One security hole could have allowed an attacker to discover account names, while the second could freeze the access point and bring down the wireless access zone.

But it's not just the wireless products that have had serious security problems. The company has also issued warnings for its other products. In March, the company warned customers that software code exploiting nine vulnerabilities was found in its Internetwork Operating System. This software runs on most of Cisco's products, including its Catalyst Ethernet switches and Internet Protocol routers.

http://news.com.com/2100-1039_3-5187233.html?tag=nefd.top

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Apple MacBook Neo is a blessing for Windows users, here's why

      By noobient · Posted

      Looks the same as the Air, actually. Check it out in person.
    • AV2, successor to popular YouTube, Netflix, Amazon codec AV1, has a hard battle ahead

      By Kushan · Posted

      "This transition will take several years so we shouldn't bother doing it at all" is a naive take. This is completely normal for all specifications that cross-cut software, hardware and multiple industries. Look at the PCI specification for another example, consumers barely have PCI-E 5 yet PCI-SIG is working on PCI-E 8. AV2 will take multiple years to get adoption and even then, even a decade from now people will still have older hardware that doesn't support it. That's fine, because the savings still add up as newer devices add the hardware to deal with it. The goal is never to get 100% on the new spec overnight, but to gradually adopt it.
    • What is your default web browser for 2026?

      By Skyfrog · Posted

      Firefox, and Vivaldi for the rare instances I need a Chrome based browser for a particular site.
    • U.S. delegation throws away all burner phones and gifts from China before takeoff

      By AsherGZ · Posted

      I named Hitler because he is the de facto anti-semite. But you don't have to hate Jews to be a genocidal maniac. In fact, these days, so called semites are the ones acting in ways that would make Hitler proud.
    • 3DP Chip 26.05

      By Copernic · Posted

      3DP Chip 26.05 by Razvan Serea 3DP Chip is a standalone, no-install portable tool that scans your computer’s hardware and automatically detects the latest drivers available for your specific configuration and external devices. It provides a clear list of drivers that need updates, locates the correct downloads, and helps you upgrade them easily. 3DP Chip will automatically detect and display the information on your CPU, motherboard, video card and sound card installed on your PC. You can also choose to copy these information into your clipboard with one click for later use (such as posting in a forum). Also, if you're upgrading your operating system or just need to reinstall Windows, 3DP Chip can backup all the drivers on your PC or laptop. 3DP Chip backup and reinstall features can save you hours of searching for and installing individual device drivers. 3DP Chip most popular drivers include: audio and sound drivers video drivers printer and scanner drivers digital camera drivers network drivers webcam drivers keyboard and mouse drivers 3DP Chip v26.05 changelog: Driver date/version information has been added or updated AMD motherboard chipset v8.03.25.247 AMD motherboard chipset v8.05.04.516 Newly added product or support has been enhanced AMD Radeon Graphics AMD Radeon 780M Graphics AMD Radeon 840M Graphics AMD Radeon 860M Graphics AMD Radeon 880M Graphics AMD Radeon RX 9070 XT AMD Radeon Pro W7500M NVIDIA GeForce RTX 3050 6GB Laptop GPU NVIDIA GeForce RTX 4050 Laptop GPU NVIDIA GeForce RTX 5050 Laptop GPU NVIDIA GeForce RTX 5050 Laptop GPU NVIDIA GeForce RTX 5060 NVIDIA GeForce RTX 5070 Laptop GPU NVIDIA GeForce RTX 5070 Ti Laptop GPU NVIDIA RTX Pro 500 Blackwell Generation Laptop GPU NVIDIA RTX Pro 1000 Blackwell Generation Laptop GPU NVIDIA RTX Pro 2000 Blackwell Generation Laptop GPU Download: 3DP Chip 26.05 | 7.2 MB (Freeware) Links: 3DP Chip Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware

  • Recent Achievements

    • One Month Later
      nothanks earned a badge
      One Month Later
    • One Month Later
      B2Proxy earned a badge
      One Month Later
    • One Year In
      MadMung0 earned a badge
      One Year In
    • Week One Done
      jefred earned a badge
      Week One Done
    • Apprentice
      JoeyNeo went up a rank
      Apprentice

  • Popular Contributors

    1. 1
      +primortal
      477
    2. 2
      PsYcHoKiLLa
      232
    3. 3
      Skyfrog
      72
    4. 4
      FloatingFatMan
      63
    5. 5
      neufuse
      53
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!