OSVDB ID: 26878

Title: Cisco Wireless Access Point Local User List Only Configuration Weakness Authentication Bypass

Info

Disclosure

Jun 28, 2006

Discovery

Unknown

Dates

Exploit

Jun 28, 2006

Solution

Unknown

Description

Cisco Wireless Access Point contains a flaw that may allow a malicious user to gain unauthorized administrative access. The issue is triggered when the 'Local User List Only' mode is turned on, which removes all security and password configurations. It is possible that the flaw may allow remote users to access the system resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access, Wireless Vector
Attack Type: Authentication Management
Impact: Loss of Confidentiality
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to version 12.3(8)JA2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	IOS	12.3(8)JA
		12.3(8)JA1

References

Security Tracker: 1016399
Bugtraq ID: 18704
CVE ID: 2006-3291 (see also: NVD)
Secunia Advisory ID: 20860
SCIP VulDB ID: 2348
ISS X-Force ID: 27437
CERT VU: 544484
VUPEN Advisory: ADV-2006-2584
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0784.html
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/26878

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

IOS

References

Credit