More security woes for Cisco

Now it is its Wireless LAN

By INQUIRER staff

Mon Apr 12 2004, 07:56

CISCO HAS ADMITTED that there are holes in its wireless LAN products.

The admission comes only a week after a bunch of hackers published a toolkit to take apart its ordinary LAN products.

The latest glitch is within CiscoWorks WLSE management tool and the Cisco Hosting Solution Engine.

According to the advisory published on its website, the software versions at risk include 2.0, 2.0.2, and 2.5. The Hosting Solution Engine-vulnerable software versions include 1.7, 1.7.1, 1.7.2, and 1.7.3.

Basically the hacker exploits a default user name and password combination that has been hard-coded into the software.

Anyone who logs in using this user name has complete control of the device. One can add new users or modify details of the existing users and change the device's configuration.

It would be possible to create system-wide outages and the ability for attackers to hide unauthorised, wireless access points.

A flaw in the Hosting Solution Engine could let attackers redirect Web traffic.

Cisco has published a patch for the problem. µ

Linux vendors urgently patch a security flaw Enables Android 4.0 Ice Cream Sandwich root exploit Thursday, 26 January 2012, 12:52 PM Read more	Oracle will release a raft of patches tomorrow Critical update includes scores of fixes Monday, 16 January 2012, 14:10 PM Read more
Microsoft says zero-day exploits are not a major threat Under one per cent of attacks use them Tuesday, 11 October 2011, 13:41 PM Read more	Hack against The Sun was planned for two weeks Lulzsec is still front page news Tuesday, 19 July 2011, 13:45 PM Read more
Oracle patches some Java flaws carrying the highest possible threat Ten on the scale of threat ratings Tuesday, 7 June 2011, 14:32 PM Read more	Microsoft fixes Pwn2own Internet Explorer hole Along with 63 other software vulnerablities Wednesday, 13 April 2011, 11:14 AM Read more

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

SQL Developer (Client Faci

Client Facing SQL Developer...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

More security woes for Cisco

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review