Information Technology News.


Critical security flaw revealed in Cisco Mobility Express 1800 systems


March 16, 2017

System and network admins, if you've implemented Mobility Express on a Cisco 1800 access point, it needs immediate patching against a nasty credential authentication bypass bug.

Reported by Rigo Information Technology (RIT), the flaw is in the web-based graphical user interface.

Here's how the security vulnerability can become a real issue: an attacker can send a crafted HTTP request to bypass authentication, and then perform unauthorized configuration changes or issue control commands, asserts RIT.

All Cisco Mobility Express 1800 systems with software prior to version 8.2.110.0 are vulnerable to such exploits and need to be addressed.

Additionally, two of Cisco's cloud admin systems are vulnerable to an unauthorized file retrieval bug.

Cisco's Workload Automation Client Manager Server (versions 6.3.0.116 and later), and the Tidal Enterprise Scheduler (TES) Client Manager Server (6.2.1.435 and later) are also subject to the same security issues.

The two products have a URL validation bug that would allow an attacker to get any file on either system.

Cisco's Meshed Wireless LAN Controller (WLC) software has an impersonation vulnerability as well: an attacker can own a victim by forcing them to connect to a rogue access point.

The following products are vulnerable if they're configured for meshed operation: Cisco 8500 Series Wireless Controller, 5500 Series Wireless Controller, 2500 Series Wireless Controller, Flex 7500 Series Wireless Controller, Virtual Wireless Controller, and Wireless Services Module 2 (WiSM2).

Cisco has also been busy recently determining which of its products are vulnerable to the Apache Struts 2 issue. Its advisory is already up to Version 1.5.

Source: Rigo Information Technology.



       © IT Direction. All rights reserved.