The Channel logo


By | Dan Goodin 13th April 2007 00:34

Cisco wireless products suffer multiple vulns

These bugs can bite

Cisco Systems is reporting multiple vulnerabilities in three popular wireless products that can unleash all kinds of nastiness, including denials of service, privilege escalation, information disclosure and the ability to gain full administrative access.

The flaws reside in Cisco's Wireless Control System (WCS), Wireless LAN Controller and Lightweight Access Points.

Vulnerabilities in WCS include Fixed FTP Credentials for Location Backup, Account Group Privilege Escalation and Information Disclosure to Unauthenticated Users. Miscreants could exploit these flaws to write arbitrary files to the server that is hosting the WCS application, alter system files, and change an account group membership to gain full control of the WCS. Oh yeah, and all three can be exploited remotely.

The other two products suffer from five vulnerabilities, the most serious one affecting default SNMP community strings. That can also be exploited remotely and could allow an attacker to gain complete control of the device.

Cisco is advising administrators to apply fixes and workarounds. The advisories can be found here and here. ®

alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe