resource center
  See your link here
|
IDG News Service -
Networking equipment maker Cisco Systems Inc. is warning customers about a security hole in two products used to manage wireless LANs and e-business services in corporate data centers.
The company said today that a username and password coded into some versions of its Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software could give attackers complete control of the devices. Attackers could use the default log-ins to hide rogue wireless access points on WLANs, create and modify user privileges or change configuration settings, Cisco said. The vulnerability affects Versions 2.0, 2.0.2 and 2.5 of the WLSE and Versions 1.7, 1.7.1, 1.7.2 and 1.7.3 of the HSE. Cisco posted software patches on its Web site for both products.
The WLSE product manages Cisco Aironet WLAN infrastructures, tying together different Aironet products, such as wireless access points, and making it easier for administrators to deploy, monitor and configure the devices on their WLANs. The WLSE also has security features that can spot unauthorized, or "rogue," access points and apply wireless networking security policies to devices on the network, Cisco said.
The HSE is a network management hardware appliance that uses the Cisco 1140 platform. The product maps out and then monitors the performance and integrity e-business services in data centers that use Cisco products.
A default username and password combination were written, or hard-coded, into the software that runs on both devices and can't be disabled. A malicious user who had the password would have complete control of the affected device, which could be used as a platform for further attacks, Cisco warned.
For the WLSE, having the default username and password would give the malicious user the ability to cause systemwide outages by changing the radio frequency used to send data over the WLAN or to secretly install an unauthorized access point that could be used to gather confidential information from the WLAN.
For customers using the HSE, the default password could allow an attacker to redirect traffic from a Web site hosting e-business services, resulting in financial loss, Cisco said.
Cisco said it isn't aware of any attacks that use the hard-coded log-in information but advised customers to install the appropriate software patch.
IDG.net
Share our Strength
Download Now
Key Strategies for Managing Data Growth
What are you storage challenges?
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
