security problem has been fixed
security patch, Cisco, Lan
Cisco Security Problem Has Been Fixed
In early 2014 Cisco discovered that its wireless LAN controllers (WLCs) had several vulnerabilities that could leave them open to malicious attacks. Recently they released a security patch in new firmware versions for both their wireless LAN controllers and small business routers that protect them from the danger of remote attacks.
Attackers Gaining Admin-Level Access
The problem began when Cisco discovered that its web management interface in several popular wireless LAN models was vulnerable to attack from a remote source. The attacker could potentially gain unauthorized access through a faulty authentication request in the web framework, then proceed to intercept existing authentication requests, modify them, and resubmit them. By changing the authentication requests, the attackers could gain administrative-level access on the compromised devices.
Another weakness was discovered in denial-of-service requests (DoS) on both stand-alone and modular wireless LAN controllers, which could give attackers the ability to take control of affected access point devices communicating with the Cisco WLCs and change the configuration. This vulnerability has been detected in several versions of the company’s WLCs, and Cisco issued an advisory with a list of affected products, plus details on which patched firmware will offer a solution.
Firmware Solutions Released
These vulnerabilities were ranked at a score of “10” on the Common Vulnerability Scoring System (CVSS), the highest possible rating, since this type of compromise affects the availability of the device, as well as confidentiality of information transmitted and the integrity of the system following the attack.
To combat the problem Cisco released new firmware updates as a security patch, since there are no suitable workarounds for the breach. Users must update the firmware in order to get the appropriate patches to protect against future attacks.
Patched firmware versions include:
- Cisco CVR100W Wireless-N VPN Router firmware version 220.127.116.11
- Cisco RV110W Wireless-N VPN Firewall firmware version 18.104.22.168
- Cisco RV215W Wireless-N VPN Router firmware version 22.214.171.124
Now that these vulnerabilities have been identified, the security issues have been addressed for future versions of Cisco’s wireless LAN controllers. If you have existing Cisco networking devices that you need help with or you want to find new networking equipment, contact Computer Connection today to find out if we have what you need.