[MLB-WIRELESS] Cisco Aironet AP DoS
Drew
drew at wireless.org.au
Wed Apr 10 06:05:50 EST 2002
>
>
>Cisco Security Advisory: Aironet Telnet Vulnerability
>==========================================================================
>
>Revision 1.0
>
>For Public Release 2002 April 09 16:00 (UTC +0000)
>
> ------------------------------------------------------------------------
>
>Please provide your feedback on this document.
>
> ------------------------------------------------------------------------
>
>Contents
>========
>
> Summary
> Affected Products
> Details
> Impact
> Software Versions and Fixes
> Obtaining Fixed Software
> Workarounds
> Exploitation and Public Announcements
> Status of This Notice
> Distribution
> Revision History
> Cisco Security Procedures
>
> ------------------------------------------------------------------------
>
>Summary
>=======
>
>It is possible to cause a denial-of-service attack if Cisco Aironet
>products have Telnet access enabled. Telnet access is the only requirement
>for such an attack; there are no additional conditions.
>
>The workaround for this vulnerability is to disable Telnet access.
>
>No other Cisco product is vulnerable.
>
>This advisory is available at
>http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml.
>
>Affected Products
>=================
>
>All releases up to, but excluding, 11.21 are vulnerable. The following
>hardware products are affected.
>
> * Cisco Aironet Access Point 340 and 350
> * Cisco Aironet Bridge 350
>
>Products not affected are:
>
> * Cisco Aironet Bridge 340
> * Cisco Aironet 4800 Series
> * Cisco Aironet 4500 Series and 3500 Series
> * Cisco Aironet 3100 Series
>
>No other Cisco products are affected.
>
>Details
>=======
>
>This vulnerability is documented as Cisco Bug ID CSCdw81244.
>
>It is possible to cause Cisco Aironet products to reboot if Telnet access
>is enabled and a password is required for authorization. This can be
>accomplished by providing an invalid username and password. This
>vulnerability cannot be triggered via the web interface.
>
>Impact
>======
>
>By repeatedly exploiting this vulnerability an attacker can cause denial of
>service.
>
>Software Versions and Fixes
>===========================
>
>This vulnerability is fixed in release 11.21, which is available now.
>
>Obtaining Fixed Software
>========================
>
>Cisco is offering free software upgrades to remedy this vulnerability for
>all affected customers. Customers may only install and expect support for
>the feature sets they have purchased.
>
>Customers with service contracts should obtain upgraded software through
>their regular update channels to any software release containing the
>feature sets they have purchased. For most customers, this means that
>upgrades should be obtained through the Software Center on Cisco's
>Worldwide Web site at http://www.cisco.com.
>
>Customers whose Cisco products are provided or maintained through prior or
>existing agreement with third-party support organizations such as Cisco
>Partners, authorized resellers, or service providers should contact that
>support organization for assistance with the upgrade, which should be free
>of charge.
>
>Customers who purchased directly from Cisco but who do not hold a Cisco
>service contract, and customers who purchase through third-party vendors
>but are unsuccessful at obtaining fixed software through their point of
>sale, should obtain fixed software by contacting the Cisco Technical
>Assistance Center (TAC).
>
>Cisco TAC contacts are as follows:
>
> * +1 800 553 2447 (toll-free from within North America)
> * +1 408 526 7209 (toll call from anywhere in the world)
> * e-mail: tac at cisco.com
>
>See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for
>additional TAC contact information, including special localized telephone
>numbers and instructions and e-mail addresses for use in various languages.
>
>Please have your product serial number available and give the URL of this
>notice as evidence of your entitlement to a free upgrade. Free upgrades for
>non-contract customers must be requested through the TAC.
>
>Please do not contact either "psirt at cisco.com" or
>"security-alert at cisco.com" for software upgrades.
>
>Workarounds
>===========
>
>The workaround is to disable Telnet access. You can accomplish this by
>following the link, via the web interface, path to reach the Console/Telnet
>Setup page:
>
> 1. On the Summary Status page, click Setup.
>
> 2. On the Setup page, click Console/Telnet in the Services section of the
> page.
>
> 3. On that page, click on the radio button for Disable Telnet.
>
>Note: You must use the web interface or be connected on the console since
>you will be unable to save your changes if you are using Telnet. After
>disabling Telnet, your Telnet session will be terminated.
>
>Exploitation and Public Announcements
>=====================================
>
>This issue was reported to Cisco by a customer. Cisco PSIRT is not aware of
>any malicious exploitation or public discussion of this vulnerability.
>
>Status of This Notice: FINAL
>============================
>
>This is a final notice. Although Cisco cannot guarantee the accuracy of all
>statements in this notice, all of the facts have been checked to the best
>of our ability. Cisco does not anticipate issuing updated versions of this
>notice unless there is some material change in the facts. Should there be a
>significant change in the facts, Cisco may update this notice.
>
>A standalone copy or paraphrase of the text of this security advisory that
>omits the distribution URL in the following section is an uncontrolled
>copy, and may lack important information or contain factual errors.
>
>Distribution
>============
>
>This notice will be posted on Cisco's Worldwide Web site at
>http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml. In addition to
>Worldwide Web posting, a text version of this notice is clear-signed with
>the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet
>news recipients:
>
> * cust-security-announce at cisco.com
> * bugtraq at securityfocus.com
> * first-teams at first.org (includes CERT/CC)
> * cisco at spot.colorado.edu
> * comp.dcom.sys.cisco
> * firewalls at lists.gnac.com
> * Various internal Cisco mailing lists
>
>Future updates of this notice, if any, will be placed on Cisco's Worldwide
>Web server, but may or may not be actively announced on mailing lists or
>newsgroups. Users concerned about this problem are encouraged to check the
>URL given above for any updates.
>
>Revision History
>================
>
> Revision 2002-April-09 Initial Public
> Number 1.0 16:00 UTC +0000 Release
>
>Cisco Security Procedures
>=========================
>
>Complete information on reporting security vulnerabilities in Cisco
>products, obtaining assistance with security incidents, and registering to
>receive security information from Cisco, is available on Cisco's Worldwide
>Web site at
>http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This
>includes instructions for press inquiries regarding Cisco security notices.
>All Cisco Security Advisories are available at
>http://www.cisco.com/go/psirt.
>
> ------------------------------------------------------------------------
>
>This notice is Copyright 2002 by Cisco Systems, Inc. This notice may be
>redistributed freely after the release date given at the top of the text,
>provided that redistributed copies are complete and unmodified, and include
>all date and version information.
>
> ------------------------------------------------------------------------
>
To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message
More information about the Melbwireless
mailing list