Cisco flaw puts Wi-Fi networks at risk

Fix is out for bug in WLAN controllers that could enable an attacker to send malicious wireless traffic.

Joris Evers
Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
2 min read
A security bug in Cisco Systems' wireless LAN controllers could enable an attacker to send malicious traffic to a secured Wi-Fi network.

The problem affects large Wi-Fi networks, not the average home installation. It occurs when Cisco 1200, 1131 and 1240 series Wi-Fi access points are controlled by Cisco 2000 and 4400 series Airespace Wireless LAN Controllers, according to a security advisory released Wednesday by the networking equipment maker.

Wi-Fi access points are the devices that let people connect to wireless service. Controllers are used by operators of large Wi-Fi networks, which typically include many access points, to centrally control functions such as security policies, intrusion prevention and radio frequency management.

The security problem affects only Wi-Fi installations that use the 2000 and 4400 controllers, Cisco said. Access points that do not link to those model systems are not affected, it added.

The access points, even when configured to handle encrypted network traffic only, may accept unencrypted incoming traffic, according to Cisco. An attacker could exploit the flaw to send malicious traffic to a wireless network that is designed to be secure, the company said. It could also allow unauthorized access.

A successful attack would require the attacker to use the hardware address--known as the Media Access Control number--of a device already authenticated to the network, mitigating the risk of an attack.

Cisco has a software update available for the WLAN controller to fix the vulnerability. The flaw is rated a "moderate risk" by the French Security Incident Response Team, FrSIRT, a security monitoring and research firm.

The news of the Wi-Fi security flaw comes a day after Cisco reported a security issue related to its intrusion prevention system, or IPS, security software. The problem exists because of an error in the configuration file of Cisco's Internetwork Operating System IPS, the company said in an advisory.

At risk are installations of the Cisco IPS configured by version 2.1 of the IPS Management Center, Cisco said. The flaw might result in an incomplete analysis of network traffic secured by the Cisco IOS IPS device, which could allow some attacks to go unnoticed, according to Cisco. The flaw is also rated "moderate" risk by FrSIRT.