More security woes for Cisco

The admission comes only a week after a bunch of hackers published a toolkit to take apart its ordinary LAN products.

The latest glitch is within CiscoWorks WLSE management tool and the Cisco Hosting Solution Engine.

According to the advisory published on its website, the software versions at risk include 2.0, 2.0.2, and 2.5. The Hosting Solution Engine-vulnerable software versions include 1.7, 1.7.1, 1.7.2, and 1.7.3.

Basically the hacker exploits a default user name and password combination that has been hard-coded into the software.

Anyone who logs in using this user name has complete control of the device. One can add new users or modify details of the existing users and change the device's configuration.

It would be possible to create system-wide outages and the ability for attackers to hide unauthorised, wireless access points.

A flaw in the Hosting Solution Engine could let attackers redirect Web traffic.

Cisco has published a patch for the problem. µ