Cisco Systems Inc. has fixed a variety of security holes in its wireless programs that online outlaws could exploit to bypass security features, access sensitive data, launch cross-site scripting attacks and do other damage.
The first problem affects the Cisco Wireless Control System (WCS), a platform designed to help enterprises design, control and monitor Cisco wireless LANs. According to the San Jose, Calif.-based networking giant, remote attackers could exploit the flaws to:
Danish vulnerability clearinghouse Secunia provided the following description of the flaws in its advisory:
The solution is to update to WCS for Linux and Windows 3.2(63) or later.
The second problem affects Cisco Wireless Access Point and can be exploited to bypass security restrictions.
"The vulnerability is caused due to an error within the Web management interface when the admin access configuration has been changed from 'Default Authentication' to 'Local User List Only,'" Secunia said. "This causes the access point to be reconfigured with no security enabled, thus allowing open access to the access point via the web interface or via the console port with no validation of user credentials."
The flaw has been reported in the following products when running Cisco IOS Software Release 12.3(8)JA or 12.3(8)JA1:
The solution is to update to Cisco IOS Software Release 12.3(8)JA2.