Category:   Device (Router/Bridge/Hub)  >   Cisco Small Business SRP Series
Vendors:   Cisco
Cisco Small Business SRP Series WPS Protocol Flaw Lets Remote Users Conduct Brute Force WPS PIN Guessing Attacks to Access the Target Network
SecurityTracker Alert ID:  1026567
SecurityTracker URL:  http://securitytracker.com/id/1026567
CVE Reference:   CVE-2011-5053
Date:  Jan 24 2012
Impact:   User access via network
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): Models SRP521W, SRP526W, SRP527W, SRP541W, SRP546W, SRP547W
Description:   A vulnerability was reported in Cisco Small Business SRP Series. A remote user can conduct brute force guessing attacks to gain access to the target network.

The PIN External Registrar (PIN-ER) mode of the Wi-Fi Protected Setup (WPS) protocol contains a weakness that allows a remote user within range of the wireless interface to determine whether the first half of the 8-digit WPS configuration PIN is correct. A remote user within range of the wireless interface can exploit this to conduct a brute force WPS configuration PIN guessing attack and gain access to the target network in a short amount of time.
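
Added example (not part of the SecurityTracker entry or the vendor advisory): a Python model of how separate confirmation of the first PIN half shrinks the worst-case search space, and how an access point lockout policy changes the time needed to exhaust it. The checksum digit comes from the WPS specification rather than this page; the per-attempt time and lockout values are constructed assumptions.

```python
# Added example: worst-case WPS PIN search space and lockout model.
# Timing and lockout values below are constructed assumptions, not measurements.

def worst_case_attempts(split_oracle: bool) -> int:
    """Upper bound on the number of PIN guesses needed.

    The 8th digit is a checksum of the first 7 (WPS specification), so only
    7 digits are free. When the first half is confirmed on its own, the
    4-digit half and the 3 remaining free digits are searched separately.
    """
    if split_oracle:
        return 10**4 + 10**3
    return 10**7


def worst_case_seconds(attempts, per_attempt_s, lock_after=None, lock_s=0.0):
    """Time to exhaust the space when the AP pauses for lock_s seconds after
    every lock_after failed attempts (lock_after=None means no lockout)."""
    total = attempts * per_attempt_s
    if lock_after:
        total += ((attempts - 1) // lock_after) * lock_s
    return total


def lockout_needed(attempts, per_attempt_s, lock_after, target_days):
    """Lockout duration in seconds needed so exhaustion takes target_days."""
    pauses = (attempts - 1) // lock_after
    if pauses == 0:
        return float("inf")
    remaining = target_days * 86400 - attempts * per_attempt_s
    return max(0.0, remaining / pauses)


if __name__ == "__main__":
    PER_ATTEMPT_S = 3.0                        # assumed time per PIN exchange
    POLICIES = {"no lockout": (None, 0.0),     # assumed AP policies
                "60 s pause per 3 failures": (3, 60.0)}
    for label, split in (("whole PIN checked at once", False),
                         ("first half confirmed separately", True)):
        n = worst_case_attempts(split)
        for name, (after, pause) in POLICIES.items():
            days = worst_case_seconds(n, PER_ATTEMPT_S, after, pause) / 86400
            print(f"{label:32} {name:26} {n:>10,} guesses  {days:9.1f} days")
    need = lockout_needed(worst_case_attempts(True), PER_ATTEMPT_S, 3, 365)
    print(f"pause per 3 failures for a 1-year worst case: {need / 60:.0f} min")
```

Under these assumptions a short lockout only stretches the worst case from hours to days, which is consistent with the vendor recommending that the feature be disabled.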

The following Cisco Small Business SRP Series devices are affected:

Cisco SRP521W
Cisco SRP526W
Cisco SRP527W
Cisco SRP541W
Cisco SRP546W
Cisco SRP547W

The vulnerability resides in the WPS protocol and is not limited to these devices.

The original advisories are available at:

http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf
http://www.devttys0.com/2011/12/cracking-wpa-in-10-hours-or-less/

Stefan Viehbock and Craig Heffner independently reported this vulnerability.

Impact:   A remote user within range of the wireless interface can conduct brute force guessing attacks to gain access to the target wireless network.
Solution:   No solution was available at the time of this entry.

The vendor plans to issue a fix.

The vendor recommends disabling the vulnerable feature as a workaround.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps
Cause:   Authentication error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Tue, 24 Jan 2012 01:22:07 +0000
Subject:  Cisco Small Business SRP Series


http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps

CVE-2011-5053

Cisco SRP521W
Cisco SRP526W
Cisco SRP527W
Cisco SRP541W
Cisco SRP546W
Cisco SRP547W

 
 



Copyright 2013, SecurityGlobal.net LLC