Cisco Aironet Web Interface Arbitrary Modification

2001-03-07T00:00:00
ID OSVDB:5597
Type osvdb
Reporter OSVDB
Modified 2001-03-07T00:00:00

Description

Vulnerability Description

The firmware of Cisco Aironet 340 Series Wireless Bridges contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the firmware does not properly disable access to the web interface, which will allow a remote attacker to view and to modify the bridge's configuration via Web interface. This flaw may lead to a loss of confidentiality and integrity.

Solution Description

Upgrade to firmware version 8.55 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

The firmware of Cisco Aironet 340 Series Wireless Bridges contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the firmware does not properly disable access to the web interface, which will allow a remote attacker to view and to modify the bridge's configuration via Web interface. This flaw may lead to a loss of confidentiality and integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1001065 ISS X-Force ID: 6200 CVE-2001-0455 Bugtraq ID: 2461