SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#544484

Cisco Access Point Web Browser Interface contains a vulnerability

Overview

A vulnerability in the HTTP management interface for some configurations of Cisco wireless access points could allow a remote attacker to take complete control over the affected device.

I. Description

Cisco wireless access points allow administrators to create more than one set of authentication credentials (local user list) for the HTTP management interface of their access points. If this feature is enabled on one of the systems affected by this vulnerability, the access point will be automatically reconfigured with no security, and no user credentials will be required to access the access point's HTTP or console port interface.

Systems Affected

According to Cisco, the following models of access points running IOS versions 12.3(8)JA or 12.3(8)JA1 are vulnerable:

  • 350 Wireless Access Point and Wireless Bridge
  • 1100 Wireless Access Point
  • 1130 Wireless Access Point
  • 1200 Wireless Access Point
  • 1240 Wireless Access Point
  • 1310 Wireless Bridge
  • 1410 Wireless Access Point

Note that Cisco says that access points configured with a non-vulnerable version of IOS, then upgraded to a vulnerable version, are not affected unless the device's configuration has been changed.

II. Impact

A remote or local unauthenticated user could gain complete control over an affected access point.

III. Solution

Upgrade

Apply the upgrade supplied by Cisco.

Workarounds

Do not Enable Local User List

Do not enable the local user list, and use the default authentication option instead.

Disable or Restrict HTTP Access

Disable the HTTP server or restrict network access to it. Note that the web interface may also be listening on port 443/tcp. If the HTTP server is not enabled, the local user list feature can safely be configured via the command line interface.

See the workarounds section of Cisco security advisory cisco-sa-20060628-ap for detailed information on how to implement these workarounds.

Systems Affected

VendorStatusDate NotifiedDate Updated
Cisco Systems, Inc.Vulnerable29-Jun-2006

References

http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml

Credit

Thanks to Cisco Product Security for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public:2006-06-28
Date First Published:2006-06-29
Date Last Updated:2006-07-04
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:0.00
Document Revision:27

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get a PDF Reader