Pixel 6 event CNET Deal Days are here Apple event recap AirPods 3 vs. AirPods Pro Bitcoin-linked ETF starts trading on NYSE Cowboy Bebop teaser

Cisco airs out Wi-Fi vulnerability

The network equipment maker says a flaw in some of its Aironet wireless access points could allow attackers to snoop on corporate networks.

Cisco Systems is warning of a vulnerability in some of its Aironet Wi-Fi access points that could allow attackers to snoop on corporate networks.

Vulnerable access points transmit security keys over the air in unencrypted text, meaning that an eavesdropper could intercept them. With the keys, an attacker could easily break the encryption protecting Wi-Fi transmissions. Wi-Fi is a wireless standard commonly used in corporate and personal local-area networks.


What's new:
A vulnerability in some of Cisco?s Aironet Wi-Fi access points could allow attackers to snoop on corporate networks.

Bottom line:
IT managers have cited security concerns as one reason for being slow to deploy Wi-Fi access points. The disclosure by Cisco, which has recently been the subject of several security warnings, is likely to be viewed as evidence that those concerns are legitimate.

For more info:
Track the players

The bug affects Aironet 1100, 1200 and 1400 series access points running Cisco IOS software releases 12.2(8)JA, 12.2(11)JA and 12.2(11)JA1. The affected equipment transmits clear-text versions of Wired Equivalent Privacy (WEP) static keys to a Simple Network Management Protocol (SNMP) server. WEP is a security protocol defined in the Wi-Fi 802.11b standard, designed to give wireless networks the same level of security as a wired network. SNMP allows companies to monitor the operation of network devices via a central server.

The devices are affected only when the command "snmp-server enable traps wlan-wep" is enabled, and it does not affect dynamically set WEP keys. Cisco access points running VxWorks are not affected. The keys are transmitted only when the access point is rebooted or the static WEP key is changed.

Attackers would only be able to snatch WEP keys if they were able to monitor data sent between the access point and the SNMP server.

Cisco said users should upgrade to IOS version 12.2(13)JA1 or later, or switch off the SNMP command in question. Instructions for the fix are detailed in Cisco's advisory.

Users can also get around the problem by switching to an authentication protocol that uses dynamically set keys, several of

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

which are supported by the access points.

Cisco's access points have recently been the subject of several security warnings. In July, Cisco patched a pair of security flaws that were discovered in its Aironet 1100 series wireless access points. One flaw could have allowed an attacker to use a "classical brute force" technique to discover account names, while the second could freeze the access point and bring down the wireless access zone.

In August, Cisco said its Lightweight Extensible Authentication Protocol (LEAP) could allow an attacker to guess user names and passwords in a "dictionary attack."

Matthew Broersma of ZDNet UK reported from London.