Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cisco Acknowledges Aironet Security Breach

Several Cisco wireless access points (APs) are susceptible to a previously undetected security breach, the company said in an advisory issued this week.

The APs will send Wired Equivalent Privacy static keys as clear text to simple network protocol (SNMP) servers under certain circumstances. Those who wish to break into the network can easily intercept and use the clear text keys.

The specific APs with the vulnerability are Cisco's 1100, 1200 and 1400 series running the company's IOS software. The problem only occurs when the "snmp-server enable traps wlan-wep" command is enabled, the company said in its advisory.

Not affected, according to the security advisory, are the Cisco 350 AP running Cisco IOS and APs running the VxWorks-based operating system. Nor does the breach impact on dynamically-set WEP keys created when using an Extensible Authentication Protocol (EAP) authentication protocol, according to Cisco's advisory. In its advisory, the company suggested avoiding the problem by using EAP.

In addition, Cisco said it is offering free software upgrades to fix the problem. The software is available through regular update channels such as the download section of the company's Web site.