Cisco WLAN Vulnerability Uncovered by Researchers
Researchers at AirMagnet have uncovered a serious flaw in a provisioning system used by Cisco Systems WLANs that could enable attackers to gain access to WLAN-attached systems.
According to AirMagnet's Intrusion Research Team, the vulnerability, announced Aug. 25, lies in Cisco's OTAP (Over-the-Air-Provisioning) feature, which helps users deploy WAPs (wireless access points). OTAP allows access points to discover the management IP address of the WLAN controller. However, the feature can also expose network information. The access points can be incorrectly assigned to an outside Cisco controller by an attacker—an exploit AirMagnet terms a SkyJack.
"As part of the Over-the-Air-Provisioning feature, Cisco APs regularly broadcast a variety of configuration information including the IP and MAC [media access control] address of the controller where the AP is currently connected," said Wade Williamson, AirMagnet's director of product management. "Unfortunately, anyone else listening to the air can do the same thing, as this information is in the clear … there is seemingly no way to make the Cisco APs not broadcast this information even if the OTAP feature is turned off."