Cisco wireless points include hardcoded passwords

A number of Cisco wireless devices have been designed with hardcoded passwords, including Wi-Fi gear, WLAN controllers, and ISE.Cisco wireless points designed with hardcoded passwords.

Bad days for IT giants, recently an unwanted code was discovered in Juniper appliances and a hardcoded backdoor affects some Fortinet Firewalls. Problems of a different nature, but equally uncomfortable, afflicts Cisco wireless LAN controllers, the Cisco Identity Services Engine, and Aironet access points.

The Aironet 1800 series is affected by the CVE-2015-6336 vulnerability that consist in the presence of a hardcoded static password granting access to the device. A remote attacker could exploit the flaw to log in to the device by using a default account having a static password, fortunately, the account does not have full administrative privileges, this means that attacker cannot take over the device and worst attack scenario is represented by a denial-of-service attack.

Vulnerable Cisco access points are the 1830e, 1830i, 1850e and 1850i, that need to be updated.

The CVE-2015-6317 and CVE-2015-6323 affects the Cisco Identity Services Engine.

The CVE-2015-6317 flaw could be exploited by a low-privileged authenticated, remote attacker to access specific web resources that are designed to be accessed only by higher-privileged administrative users. An attacker can escalate its privileges to access the administrative web resources directly.

The CVE-2015-6323 is a critical bug that could be exploited to allow a remote attacker gaining unauthorized access to a vulnerable device.

“A successful exploit may result in a complete compromise of the affected device. Customers are advised to apply a patch or upgrade to a version of the Cisco ISE software that resolves this vulnerability. states the CISCO advisory.

Also in this case, the company has already issued software updates that fix these vulnerabilities. An attacker can exploit the flaw to gain a remote access to device configuration.

“A successful exploit may result in a complete compromise of the affected device. Customers are advised to apply a patch or upgrade to a version of the Cisco ISE software that resolves this vulnerability.” states CISCO.

Pierluigi Paganini

(Security Affairs – CISCO, Cyber Security)