Cisco Access Point Web browser unauthorized administrative access

cisco-ap-browser-unauth-access (27437) The risk level is classified as MediumMedium Risk

Description:

Multiple Cisco Access Point devices with the Web management interface enabled could allow a remote attacker to gain unauthorized administrative access to the device. If the "Security > Admin Access" setting is changed to "Local User List Only (Individual Passwords) from "Default Authentication (Global Password)", the Access Point will be reset with no password enabled. An attacker could exploit this vulnerability to gain unauthorized administrative access to an affected device through the Web management interface or the console port.


Consequences:

Gain Access

Remedy:

Refer to Cisco Security Advisory cisco-sa-20060628-ap for patch, upgrade, or suggested workaround information. See References.

References:

  • cisco-sa-20060628-ap: Cisco Security Advisory: Access Point Web-browser Interface Vulnerability.
  • BID-18704: Cisco Access Point Web Interface Authorization Bypass Vulnerability
  • CVE-2006-3291: The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the Local User List Only (Individual Passwords) setting, which removes all security and password configurations and allows remote attackers to access the system.
  • OSVDB ID: 26878: Cisco Wireless Access Point Local User List Only Configuration Weakness Authentication Bypass
  • SA20860: Cisco Wireless Access Point Web Management Vulnerability
  • SECTRACK ID: 1016399: Cisco Access Point Configuration Error May Let Remote Users Gain Administrative Access
  • US-CERT VU#544484: Cisco Access Point Web Browser Interface contains a vulnerability
  • VUPEN/ADV-2006-2584: Cisco Access Point Web-browser Interface Unauthorized Administrative Access Issue

Platforms Affected:

  • Cisco IOS 12.3(8)JA
  • Cisco IOS 12.3(8)JA1

Reported:

Jun 28, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page