Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.
gilbertoxyfv

Cisco Patches Flaws In Routers, Wireless Lan Controllers

Successful exploitation of this vulnerability could give an attacker administrative-level access to the web-based administration interface on the affected device." Cisco assigned an impact score of 10 to the vulnerability -- the highest in the Common Vulnerability Scoring System (CVSS) -- because the flaw can lead to a complete compromise of a device's confidentiality, integrity and availability. Users are advised to update the firmware of the affected devices because there are no available workarounds. The patched firmware versions are: Cisco CVR100W Wireless-N VPN Router firmware version 1.0.1.21, Cisco RV110W Wireless-N VPN Firewall firmware version 1.2.0.10 and Cisco RV215W Wireless-N VPN Router firmware version 1.1.0.6. Cisco also fixed five denial-of-service vulnerabilities and one unauthorized access vulnerability in the software running on a wide range of its stand-alone and modular wireless LAN controllers.
For the original version including any supplementary images or video, visit http://www.computerworld.com/s/article/9246799/Cisco_patches_flaws_in_routers_wireless_LAN_controllers

Cisco provides patch for critical wireless router vulnerability

Users are advised to update the firmware of the affected devices because there are no available workarounds. The patched firmware versions are: Cisco CVR100W Wireless-N VPN Router firmware version 1.0.1.21, Cisco RV110W Wireless-N VPN Firewall firmware version 1.2.0.10 and Cisco RV215W Wireless-N VPN Router firmware version 1.1.0.6. Cisco also fixed five denial-of-service vulnerabilities and one unauthorized access vulnerability in the software running on a wide range of its stand-alone and modular wireless LAN controllers. The affected products are: Cisco 500 Series http://www.prodec.co.uk/products/cisco-uc520-48u-teb-unified-communication-chassis Wireless Express Mobility Controllers, Cisco 2000 Series Wireless LAN Controllers, Cisco 2100 Series Wireless LAN Controllers, Cisco 2500 Series Wireless Controllers, Cisco 4100 Series Wireless LAN Controllers, Cisco 4400 Series Wireless LAN Controllers, Cisco 5500 Series Wireless Controllers, Cisco Flex 7500 Series Wireless Controllers, Cisco 8500 Series Wireless Controllers, Cisco Virtual Wireless Controller, Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (Cisco WiSM), Cisco Wireless Services Module version 2 (WiSM2), Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs), Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs), Cisco Catalyst 3750G Integrated WLC and Cisco Wireless Controller Software for Services-Ready Engine (SRE).
For the original version including any supplementary images or video, visit http://www.pcworld.com/article/2105360/cisco-patches-vulnerabilities-in-small-business-routers-and-wireless-lan-controllers.html

Cisco patches vulnerabilities in small business routers and wireless LAN controllers

provided updated firmware this week that addresses a severe vulnerability founds in its Wireless N-VPN family of small business routers, as well as its Wireless N-VPN firewall. In a security advisory , Cisco explained that the wireless router vulnerability is the result of an "improper handling of authentication requests by the Web framework" and can be exploited remotely. Though the networking giant is not aware of the flaw being actively exploited in the wild, Cisco urged companies to upgrade their Wireless N-VPN products to the latest firmware, warning that there are no current workarounds to mitigate the issue, and that a successful exploit would have dire consequences. "Successful exploitation of the vulnerability may allow an attacker to gain full control of the affected device," Cisco said. "An attacker with full administrative access to the device can configure all the settings of the router through the Web-based administration user interface." Gustavo Javier Speranza, an Argentina-based computer forensics investigator, originally reported the vulnerability to Cisco. In a full disclosure post on Neohapsis' website, Speranza explained that an attacker can gain admin access to a device simply by manipulating the POST data on the administration page, thereby effectively bypassing the login.
For the original version including any supplementary images or video, visit http://searchsecurity.techtarget.com/news/2240215772/Cisco-provides-patch-for-critical-wireless-router-vulnerability

Don't be the product, buy the product!

Schweinderl