Cisco patched a handful of issues across its software line this week, including two critical vulnerabilities that could lead to the complete compromise of any devices running the software, and a hardcoded password that exists in some access points made by the company.
According to security advisories pushed out on Wednesday, the most serious bugs exist in Cisco’s Wireless LAN Controller (WLC) – versions 220.127.116.11 or later, 8.0 or later, or 8.1 or later – and Cisco Identity Services Engine, the company’s policy platform for wired and wireless services.
The issue with Identity Services is slightly scarier becasue it could let an attacker gain access directly to the device, while the issue with LAN Controller could let an attacker remotely modify the configuration of the device. Regardless, both issues have been branded “critical” by Cisco’s security team because if they were successfully exploited, they could lead to a compromise. As there’s no workaround for either issue, those who run the software are being urged to update as soon as possible.
The company also patched a less serious issue in Identity Services, addressing another unauthorized access vulnerability. In versions prior to 2.0 a “low-privileged authenticated, remote attacker” could access “specific web resources” intended to be accessed only by administrative users with higher privileges. Some web resources aren’t filtered correctly
Cisco also released updates for its Aironet 1800 Series Access Point, a souped-up WiFi product, which address vulnerabilities the company considers “high” severity. The device suffers from a hardcoded password which attackers could use in tandem with a default account to remotely log into the device. According to Cisco’s advisory the attacker wouldn’t get access to the full spectrum of administrative privileges, but they could still gain access to the device and have limited privileges.
The Aironet access point family is also vulnerable to a denial of service vulnerability that stems from a bug in the product’s IP ingress packet handler. Because an improper input validation issue exists in some builds, an attacker could send a special IP packet to a device and trigger the device to reload, something that would create a core file, over and over again, and cause a DoS condition.
Cisco is warning users that Aironet builds 18302, 1830i, 1850e, and 1850i are vulnerable to both the hardcoded password vulnerability and the denial of service vulnerability.
The patches come a few weeks after officials at the company announced they had initiated a code review of Cisco products in wake of last month’s Juniper kerfuffle. Anthony Grieco, Senior Director of the company’s Security and Trust division, stressed the company maintains a “no backdoor” policy and that Cisco launched the review on its own accord.