-
It is possible to view and modify the bridge's configuration via the Web interface even when Web access is disabled in the configuration. This defect is documented as Cisco bug ID CSCdt52783. This defect is present in the following hardware models:
- Aironet AP4500
- Aironet AP4800
- Aironet BR100
- Aironet BR500
- Cisco Aironet AIR-BR340
Firmware release 8.55 is the first image that contains the fix. All previous firmware releases for the listed devices are vulnerable. No other Aironet/Cisco Aironet wireless product is affected by this vulnerability. This advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20010307-aironet340.
-
This section provides details on affected products.
Vulnerable Products
The following hardware models are affected:
- Aironet AP4500
- Aironet AP4800
- Aironet BR100
- Aironet BR500
- Cisco Aironet AIR-BR340
They are vulnerable to this defect if they are running any of the following firmware releases:
- 7.X
- 8.07
- 8.24
The release 8.55 is the first release where this vulnerability is fixed. No other Aironet/Cisco Aironet wireless products are affected by this defect.
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by these vulnerabilities.
-
It is possible to view and modify the bridge's configuration using the Web interface, despite it being explicitly disabled. This vulnerability is exploitable over the wired and wireless link alike.
-
There is no workaround if an attack is coming from the wired Ethernet interface.
To mitigate this vulnerability if an attack is coming over the wireless link, the following actions may be taken:
- Change the SSID to a non-guessable value.
- Turn on WEP encryption if possible.
- On bridges (BR100, BR500 and AIR-BR340), turn off access point mode.
That will disallow direct access to the bridge by any client.
For instructions on how to perform these operations on the Cisco Aironet 340 Series Wireless Bridge, please see: http://www.cisco.com/univercd/cc/td/doc/product/wireless/aironet/bridge/brdgqs.htm.
For a more detailed description, please consult "Using the Cisco Aironet 340 Series Wireless Bridges", which can be found at: http://www.cisco.com/univercd/cc/td/doc/product/wireless/aironet/bridge/ebridge.pdf. Information on the SSID and other basic settings is on page 4-3. Information on bridge mode vs. AP mode is on page 4-17.
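As an added example (not part of the Cisco advisory), the following Python script triages a device inventory against the affected models and the fixed release 8.55 stated above, and lists the wireless-link mitigations for each vulnerable device. The inventory, host names and CSV column names are constructed, and comparing releases as major.minor integers is an assumption.

```python
import csv
import io

# Affected models and the fixed release come from the advisory text.
AFFECTED = {"AP4500", "AP4800", "BR100", "BR500", "AIR-BR340"}
BRIDGES = {"BR100", "BR500", "AIR-BR340"}
FIXED = (8, 55)

# Constructed sample inventory; hosts and column names are assumptions.
SAMPLE_INVENTORY = """host,model,firmware
br-roof-1,AIR-BR340,8.24
ap-lobby,AP4800,7.X
br-yard,BR500,8.55
ap-lab,AP4500,8.07
ap-new,AIR-AP350,8.07
br-dock,BR100,unknown
"""

def parse_release(text):
    """Return (major, minor); a non-numeric minor such as 'X' in '7.X' counts as 0."""
    major, _, minor = text.strip().partition(".")
    if not major.isdigit():
        raise ValueError(f"unparseable firmware release: {text!r}")
    return int(major), int(minor) if minor.isdigit() else 0

def triage(row):
    """Return (status, actions) for one inventory row."""
    model = (row.get("model") or "").strip().upper()
    if model not in AFFECTED:
        return "not-affected", []
    try:
        release = parse_release(row.get("firmware") or "")
    except ValueError:
        return "unknown", ["confirm firmware release manually"]
    if release >= FIXED:
        return "fixed", []
    # The mitigations only cover the wireless link; the wired side has no workaround.
    actions = ["upgrade to 8.55", "change SSID to a non-guessable value",
               "turn on WEP if possible"]
    if model in BRIDGES:
        actions.append("turn off access point mode")
    return "vulnerable", actions

def triage_inventory(text):
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, (status, actions) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status:12} {'; '.join(actions)}")
```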
-
This defect is fixed in release 8.55 of the software.
-
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. This vulnerability was discovered by a customer.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.