8/25/09 - Cisco Lightweight Access Point Over-the-Air Provisioning Manipulation Vulnerability
Cisco Lightweight Access Points contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient security protections during wireless access point association sequences. An unauthenticated, remote attacker could exploit this vulnerability by injecting malicious packets into the wireless network where newly added access points are seeking controllers. This action could allow the attacker to cause the device to associate to a rogue controller, preventing the device from servicing network clients. An exploit could result in a DoS condition. Cisco has confirmed this vulnerability; however, software updates are not yet available. http://tools.cisco.com/security/center/viewAlert.x?alertId=18919
OTAP UPDATE 9.12.09: This week Cisco released a plan to follow up with a patch update to 6.x, which REMOVES the OTAP discovery method and encrypts the information element in the RRM discovery packet.
I like this move; it is something I have stated since the early release of this vulnerability. The RRM packet sending controller IP information in the clear to share RRM neighbor information is not necessary for access points that have already joined a controller. This information should be encrypted.
This is comforting news for ANY enterprise or healthcare security team.
I am disappointed the release will be 6.x. Many users are on harbor code 4.2.x who won’t be able to take advantage of this patch. I suspect Cisco will release a 4.2 fix as well; we shall see!