More security woes for Cisco

Now it is its Wireless LAN

CISCO HAS ADMITTED that there are holes in its wireless LAN products.

The admission comes only a week after a bunch of hackers published a toolkit to take apart its ordinary LAN products.

The latest glitch is within CiscoWorks WLSE management tool and the Cisco Hosting Solution Engine.

According to the advisory published on its website, the software versions at risk include 2.0, 2.0.2, and 2.5. The Hosting Solution Engine-vulnerable software versions include 1.7, 1.7.1, 1.7.2, and 1.7.3.

Basically the hacker exploits a default user name and password combination that has been hard-coded into the software.

Anyone who logs in using this user name has complete control of the device. One can add new users or modify details of the existing users and change the device’s configuration.

It would be possible to create system-wide outages and the ability for attackers to hide unauthorised, wireless access points.

A flaw in the Hosting Solution Engine could let attackers redirect Web traffic.

Cisco has published a patch for the problem.


Leave a Reply