Thanks xStaindx
Networking giant Cisco Systems warned customers on Wednesday about a security flaw that could compromise two products used to manage wireless local area network devices and data center switches.
The company said in the warning posted on its Web site that a preset username and password coded into its Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) could give attackers complete control of the devices. Attackers could use this control to add new users, modify details of existing users or even change the device"s configuration, the company said. WLSE is software that manages Cisco Aironet Wi-Fi products such as the wireless access points. The product simplifies the configuration and monitoring of the Aironet devices. It also has security features that can detect unauthorized or rogue access points. If an attacker is able to control this management tool, he or she could hide the presence of a rogue access point or change the radio frequency plan, potentially causing systemwide outages.
The HSE is an appliance that manages data center network infrastructure, such as switches that balance loads across e-business servers. The product allows authorized users to remotely monitor, activate and configure services and devices, even through firewalls. The security hole could allow attackers who gain access to the device to use it as a launching platform to redirect traffic coming into or out of the data center. Ultimately, this could result in network downtime and revenue loss. The vulnerability affects WLSE versions 2.0, 2.0.2 and 2.5 and HSE versions 1.7 through 1.7.3. Cisco said there is no way to work around the problem and that it is urging customers to download software patches it has posted on its Web site.