Cisco Aironet AP Static WEP Key Disclosure

2003-12-03T06:32:14
ID OSVDB:2893
Type osvdb
Reporter OSVDB
Modified 2003-12-03T06:32:14

Description

Vulnerability Description

Cisco Aironet AP's (1100, 1200, & 1400 series) contains a flaw that may allow a malicious user to gain knowledge of any static Wired Equivalent Privacy (WEP) keys. The issue is triggered if a key is changed or the AP is rebooted. It is possible that the flaw may allow an unauthorized user to gain network access resulting in a loss of confidentiality and integrity.

Technical Description

The AP's are only vulnerable if the snmp-server enable traps wlan-wep command is enabled and this is not the default configuration. Cisco Aironet AP models running VxWorks are not affected. Vulnerable devices send staticly assigned WEP keys in cleartext to the SNMP server. Dynamically configured WEP keys are not affected by this vulnerability and will not be revealed. An attacker must be able to intercept SNMP packets sent from the AP to the SNMP server.

Solution Description

Upgrade to version 12.2(13)JA1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Disable the associated SNMP trap command by typing the following global command: ap1200(config)#no snmp-server enable traps wlan-wep

Short Description

Cisco Aironet AP's (1100, 1200, & 1400 series) contains a flaw that may allow a malicious user to gain knowledge of any static Wired Equivalent Privacy (WEP) keys. The issue is triggered if a key is changed or the AP is rebooted. It is possible that the flaw may allow an unauthorized user to gain network access resulting in a loss of confidentiality and integrity.

References:

Vendor Specific Advisory URL Secunia Advisory ID:10344 Generic Informational URL: http://www.cisco.com/warp/public/779/smbiz/wireless/wlan_security.shtml/ Bugtraq ID: 9143