Cisco Patches Hardcoded Password, DoS Vulnerabilities in Software, Devices


January 14, 2016

Cisco patched a handful of issues across its software line this week, including two critical vulnerabilities that could lead to the complete compromise of any devices running the software, and a hardcoded password that exists in some access points made by the company.

According to security advisories pushed out on Wednesday, the most serious bugs exist in Cisco’s Wireless LAN Controller (WLC) – versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later – and Cisco Identity Services Engine, the company’s policy platform for wired and wireless services.

The issue with Identity Services is slightly scarier because it could let an attacker gain access directly to the device, while the issue with LAN Controller could let an attacker remotely modify the configuration of the device. Regardless, both issues have been branded “critical” by Cisco’s security team because if they were successfully exploited, they could lead to a compromise. As there’s no workaround for either issue, those who run the software are being urged to update as soon as possible.
