Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Cisco downplays WLAN vulnerability

AirMagnet, the security company that discovered the issue, said the hole could still create problems

Cisco Systems downplayed a vulnerability in some of its wireless access points, reporting Tuesday that there is no risk of data loss or interception.

But AirMagnet, the wireless network security vendor that discovered the issue, said the hole could still lead to problems.

The vulnerability is based in a feature that makes it easy for Cisco access points to associate with a controller in the network. Existing APs broadcast information about the nearby network controller they communicate with.

When an enterprise hangs a new AP, that AP listens to information broadcast by other APs and knows which controller to connect to.

AirMagnet worries that a person could "skyjack" a new AP by getting the AP to connect to a controller outside of the enterprise.

Enterprises can avoid that scenario by configuring their access points with a preferred controller list, Cisco said. That bypasses the over-the-air provisioning process that could result in an AP connecting to an outside controller.

Also, Cisco said that even if an AP did connect to an unauthorized controller, workers would then be unable to connect to that AP. That would prevent a hacker from intercepting their communication.

However, once an AP is connected to an unauthorized controller, a hacker might then be able to access the company's entire network, said Wade Williamson, director of product management at AirMagnet.

"Someone being able to drill into your wired network is much more concerning than users not being able to check e-mail," he said.

Cisco did not immediately respond to a question about the potential of that scenario.

Cisco rates the vulnerability as unlikely to be used. It notes that in order to exploit the hole, an attacker would have to be able to deploy a Cisco controller within radio range of a newly installed AP.

The vulnerability affects Cisco Lightweight Access Point 1100 and 1200 series.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: AirMagnet, Cisco, Cisco Systems, etwork
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Cisco, exploits and vulnerabilities, wireless, wlan
Latest Blog Posts
Whitepapers
  • IDC Insight: V-Ray Gives Symantec NetBackup a Competitive Advantage Today and into the Future
    Over a decade ago, Veritas software announced NetBackup FlashBackup to address the millions of small files problem, which had been and often remains the nemesis to fast and efficient backup of large file servers. Today, the FlashBackup technology is used to provide a logical understanding of what is stored with a VMDK- or VHD-image-level backup, without the necessity to install an agent inside each virtual machine. Read more.
    Learn more »
  • Oracle Business Intelligence and Data Warehousing From Storage to Scorecard
    Getting actionable data in the hands of the right decision makers translates to positive business outcomes – whether that means competing more effectively, reducing operational costs, meeting compliance requirements, or anticipating changing market conditions. To get the right data to the right people at the right time, you need an integrated business intelligence and data warehousing solution that can provide fast access to reliable information and the tools to translate that insight into actions.
    Learn more »
  • HTML5 and security on the new web
    There are lots of changes happening to the key technologies that power the web. The new version of HTML, the dominant web language, offers impressive enhancements for rich web applications. But as HTML5 comes into greater use we’ll see new security issues arise. It’s typical for a new technology to have defects and pitfalls. And although the standard is still being defined, it's already being implemented. So how does HTML5 stand up to security scrutiny?
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments