Cisco Systems warned in a security advisory Wednesday that some versions of its software for managing wireless LANs have a security hole that could enable hackers to take control of a WLAN or Web site.
Specifically, the company said that a default user name/ password pair has been hard coded into the Wireless LAN Solution Engine (WLSE) and some releases Hosting Solution Engine (HSE). WLSE is Cisco's primary tool for centrally managing WLANs and HSE is a hardware-based product that manages e-businesses services.
"Any user who logs in using this username has complete control of the device," the company said in its advisory. The company said that the problem when applied to WLSE means that somebody could hide a rogue access point or change the radio frequency plan, which can lead to problems such as denial-of-service (DoS) attacks. For HSE, the problem can lead to re-direction of a Web site to another URL.
"In both cases the device itself may be used as a launching platform for further attacks. Such attacks could be directed at your organization, or towards a third party," Cisco said in its advisory. It stressed, however, that it knew of no instances of malicious use of the problem.
The vulnerability is in WLSE versions 2.0, 2.0.2 and 2.5 and HSE versions 1.7 through 1.7.3.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
