Cisco Acknowledges Aironet Security Breach

Several Cisco Aironet wireless access points (APs) are susceptible to a previously undetected security breach, the company said.

December 5, 2003

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Several Cisco wireless access points (APs) are susceptible to a previously undetected security breach, the company said in an advisory issued this week. The APs will send Wired Equivalent Privacy static keys as clear text to simple network protocol (SNMP) servers under certain circumstances. Those who wish to break into the network can easily intercept and use the clear text keys.

The specific APs with the vulnerability are Cisco's 1100, 1200 and 1400 series running the company's IOS software. The problem only occurs when the "snmp-server enable traps wlan-wep" command is enabled, the company said in its advisory.

Not affected, according to the security advisory, are the Cisco 350 AP running Cisco IOS and APs running the VxWorks-based operating system. Nor does the breach impact on dynamically-set WEP keys created when using an Extensible Authentication Protocol (EAP) authentication protocol, according to Cisco's advisory. In its advisory, the company suggested avoiding the problem by using EAP.

In addition, Cisco said it is offering free software upgrades to fix the problem. The software is available through regular update channels such as the download section of the company's Web site.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights