SecurityTracker: Cisco Access Points Disclose Potentially Sensitive Information and May Let Remote Users Hijack APs

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Device (Router/Bridge/Hub) > Cisco Access Points

Cisco Access Points Disclose Potentially Sensitive Information and May Let Remote Users Hijack APs

SecurityTracker Alert ID: 1022774

SecurityTracker URL: http://securitytracker.com/id/1022774

CVE Reference: CVE-2009-2861 (Links to External Site)

Date: Aug 26 2009

Impact: Disclosure of system information, User access via network

Vendor Confirmed: Yes

Version(s): 1100 and 1200 Series

Description: A vulnerability was reported in Cisco Access Points. A remote user can obtain potentially sensitive information. A remote user may be able to hijack access points.

Some Cisco Access Points (APs) transmit unencrypted multicast data frames that include the MAC address and IP address of the wireless controller that the AP is connected to and AP configuration data. A remote user monitoring the wireless network can obtain this potentially sensitive information.

When the Cisco Over-the-Air-Provisioning (OTAP) feature is enabled, a remote user can inject remote radio management (RRM) packets to cause a non-configured AP that is starting up to connect to an arbitrary wireless controller.

Cisco Lightweight Wireless Access Point 1100 and 1200 Series devices are affected by this vulnerability.

Cisco has assigned Cisco Bug ID CSCtb56664 to this vulnerability.

The original advisory is available at:

http://www.airmagnet.com/assets/AM_Technote_SkyJack_082509.pdf

The AirMagnet Intrusion Research Team reported this vulnerability.

[Editor's note: Cisco has determined this to be a "denial of service" vulnerability because the target AP cannot connect to valid network resources. Cisco indicates that wireless clients will not be able to associate to attacker-controlled APs.]

Impact: A remote user monitoring the wireless network can obtain potentially sensitive network information.

A remote user may be able to hijack an arbitrary access point.

Solution: No solution was available at the time of this entry.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/viewAlert.x?alertId=18919

Vendor URL: www.cisco.com/ (Links to External Site)

Cause: Access control error

Underlying OS:

Message History: None.

Source Message Contents

Date: Wed, 26 Aug 2009 00:16:07 -0400
Subject: Cisco Access Points


http://www.airmagnet.com/news/press_releases/2009/08252009.php

Cisco Over-the-Air-Provisioning (OTAP)

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC