Cisco fixes critical Aironet Access Points flaw, addresses 29 more bugs

Cisco today released 28 security advisories, in the process addressing a total of 30 vulnerabilities, including a critical unauthorized access bug found in the company's Cisco Aironet Access Points (APs) software.

Officially designated CVE-2019-15260, the flaw can potentially be exploited to view sensitive information, interfere with configuration options and disable the AP, creating a denial-of-service condition for clients associated with the AP.

According to Cisco's advisory, the flaw is the result of inadequate access control for certain URLs. "An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges," the advisory states. "While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration."

Cisco has released software updates to fix the affected products, which were identified as the Aironet 1540 Series, Aironet 1560 Series, Aironet 1800 Series, Aironet 2800 Series, Aironet 3800 Series and Aironet 4800.

Cisco's latest round of advisories also included six high-level vulnerabilities, found in the Wireless LAN Controller, SPA100 Series Analog Telephone Adapters, Small Business Smart and Managed Switches and Aironet.

Products found to contain medium-level bugs included the Wireless LAN Controller, Expressway Series and TelePresence Video Communication Server, TelePresence Collaboration Endpoint Software, SPA100 Series Analog Telephone Adapters, SPA122 ATA with Router Devices, Small Business Smart and Managed Switches, Identity Services Engine, Firepower Management Center and Aironet.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
