Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Cisco Wireless Access Point Vulnerability Announced SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco Wireless Access Point Vulnerability Announced

Cisco has released a vulnerability disclosure for their Wireless Access Points:

The vuln is in the web interface for the APs and could allow wiping of the security config and access to the administrative interface without authentication.

To quote Cisco:

A vulnerability exists in the access point web-browser interface when Security > Admin Access is changed from Default Authentication (Global Password) to Local User List Only (Individual Passwords). This results in the access point being re-configured with no security, either Global Password or Individual Passwords, enabled. This allows for open access to the access point via the web-browser interface or via the console port with no validation of user credentials.

The following access points are affected if running Cisco IOSŪ Software Release 12.3(8)JA or 12.3(8)JA1 and are configured for web-interface management:

  • 350 Wireless Access Point and Wireless Bridge
  • 1100 Wireless Access Point
  • 1130 Wireless Access Point
  • 1200 Wireless Access Point
  • 1240 Wireless Access Point
  • 1310 Wireless Bridge
  • 1410 Wireless Access Point


68 Posts
Jun 29th 2006

Sign Up for Free or Log In to start participating in the conversation!