December 04, VNUNet (UK)
Cisco has warned firms using its Aironet access points running Cisco IOS operating software of a security flaw that allows hackers to gain full access to wireless networks. The vulnerability allows hackers to steal Wired Equivalent Privacy (Wep) encryption keys. The issue arises if the wireless Lan device's 'SNMP−server enable traps wlan−wep' command is enabled. "Under these circumstances, an adversary will be able to intercept all static Wep keys," Cisco said in a statement. If the command is switched on, which Cisco stressed is disabled by default, the access point will broadcast any network static Wep keys in cleartext to the SNMP server every time a key is changed or access points rebooted. Affected hardware models are the Cisco Aironet 1100, 1200 and 1400 series. Cisco has posted a workaround advising companies with deployments of these devices to disable this command, adding that any dynamically set Wep key will not be disclosed. The problem only applies to wireless Lan kit running its IOS software, so Aironet access point models running VxWorks are not affected. Customers are advised to upgrade their IOS version to a patched system. Cisco's advisory and workaround are available here: http://www.cisco.com/warp/public/707/cisco−sa−20031202−SNMP−trap.shtml
Source: http://www.vnunet.com/News/1151249
Cisco has warned firms using its Aironet access points running Cisco IOS operating software of a security flaw that allows hackers to gain full access to wireless networks. The vulnerability allows hackers to steal Wired Equivalent Privacy (Wep) encryption keys. The issue arises if the wireless Lan device's 'SNMP−server enable traps wlan−wep' command is enabled. "Under these circumstances, an adversary will be able to intercept all static Wep keys," Cisco said in a statement. If the command is switched on, which Cisco stressed is disabled by default, the access point will broadcast any network static Wep keys in cleartext to the SNMP server every time a key is changed or access points rebooted. Affected hardware models are the Cisco Aironet 1100, 1200 and 1400 series. Cisco has posted a workaround advising companies with deployments of these devices to disable this command, adding that any dynamically set Wep key will not be disclosed. The problem only applies to wireless Lan kit running its IOS software, so Aironet access point models running VxWorks are not affected. Customers are advised to upgrade their IOS version to a patched system. Cisco's advisory and workaround are available here: http://www.cisco.com/warp/public/707/cisco−sa−20031202−SNMP−trap.shtml
Source: http://www.vnunet.com/News/1151249