Cisco Aironet Access Point High-Severity Flaws
Cisco Systems released a security update fixing critical and high-severity flaws impacting its Aironet access points. Aironet access points are entry-level wireless access points used by mid-size enterprises in their offices. The most severe flaw is a glitch that could allow unauthenticated, remote hackers to gain unauthorized access to devices giving them elevated privileges. The privileges includes the ability to view sensitive data and tamper with the device configuration. The flaw exists in Cisco's software that powers the Aironet networking APs, which allow other Wi-Fi devices to connect to a wired network.
The flaw is due to insufficient access control for certain URLs on impacted Aironet devices. A hacker could exploit this vulnerability by requesting specific URLs from an affected AP, using the AP's web-based configuration management system. Affected Aironet APs include the 1540, 1560, 1800, 2800, 3800 and 4800 series.
Another flaw is in a processing functionality in Aironet access points that specifically processes point-to-point tunneling protocol VPN packets. These are an obsolete method for implementing virtual private networks on devices. The flaw could allow an unauthenticated, remote hacker to cause an affected device to reload, resulting in a denial-of-service.
The vulnerability is due to improper resource management during Control and Provisioning of Wireless Access Points message processing. A hacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the hacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the APs.
Overall, Cisco issued patches for 41 vulnerabilities. The patch was released in September. Cisco released patches for 29 bugs that addressed flaws in a wide range of its products including routers and switches running the IOS XE networking software. Thirteen of the vulnerabilities revealed are rated high severity.