Cisco warns of wireless security hole

Cisco is warning customers about a security hole in two products used to manage wireless LANs and e-business services in corporate data centers. The company said Wednesday that a user name and password coded into some versions of its Wireless LAN Solution Engine and Hosting Solution Engine software could give attackers complete control of the devices. Attackers could use the default logins to hide rogue wireless access points on wireless LANs, create and modify user privileges or change configuration settings, Cisco said. The vulnerability affects versions 2.0, 2.0.2 and 2.5 of the Wireless LAN Solution Engine (WLSE) and versions 1.7, 1.7.1, 1.7.2 and 1.7.3 of the Hosting Solution Engine (HSE). The San Jose company posted software patches on its Web site for both products.

The WLSE product manages Cisco Aironet wireless LAN (WLAN) infrastructures, tying together different Aironet products, such as wireless access points, and making it easier for administrators to deploy, monitor and configure the devices on their WLAN. The WLSE also has security features that can spot unauthorized, or "rogue," access points and applying wireless networking security polices to devices on the network, Cisco said.

Read Full Story