Cisco releases patches for several of its products
Cisco has released several patches to mitigate exposure across a number of its affected products. One bug affects Cisco Aironet 1830 and Cisco Aironet 1850 series access points running the Cisco Mobility Express Software and could enable a remote attacker to gain complete control over the affected devices.
This bug involves the existence of default credentials on an affected device that is running the Cisco Mobility Express Software. A remote attacker with layer 3 connectivity could use SSH to log in to any such device with higher privileges and take complete control of it.
A bug was also found in Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) software that could allow a remote attacker to launch denial-of-service attacks.
Another vulnerability was found that is due to incomplete IPv6 UDP header validation. "An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device," the notice reads. From there, the attacker could "impact the availability of the device as it could unexpectedly reload."
Cisco explained that these flaws were due to a missing internal handler. Cisco added that attackers could exploit the vulnerabilities by accessing a specific hidden URL on the interface, which could possibly result in a denial-of-service (DoS) situation.
Cisco has addressed all four vulnerabilities, and US-CERT has advised users and administrators to review the Cisco security advisories and apply the updates as needed.