Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws

Cisco Systems has released a security update stomping out critical and high-severity flaws impacting its Aironet access points, which are entry-level wireless access points (APs) used by mid-size enterprises in their offices or small warehouses.

It also issued a slew of additional patches addressing other flaws in its products.

The most severe of the AP bugs is a critical glitch that could allow unauthenticated, remote attackers to gain unauthorized access to targeted devices – giving them elevated privileges such as the ability to view sensitive data and tamper with the device configuration. The flaw exists in Cisco’s software that powers the Aironet networking APs, which allow other Wi-Fi devices to connect to a wired network.

“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory. “While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].”

Read more…
Source: ThreatPost