>From the links you provided, for the current generation products, it appears to be more based web and SNMP based vulnerabilities. IE they're talking about Cross site scripting and other web based attacks on the web based GUI. They even go so far to say these vulnerabilities are well known. I wouldn't be surprised if the SNMP specific attack is a rehash of the 2007 Security Advisory:
http://www.ciscosystems.ro/en/US/products/products_security_advisory09186a008081e189.shtml <http://www.ciscosystems.ro/en/US/products/products_security_advisory09186a008081e189.shtml> *Default SNMP Community Strings* The WLC uses the commonly known values of "public" and "private" for its read-only and read-write SNMP community strings. This vulnerability is documented by Cisco Bug ID CSCse02384<http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCse02384> I can't remember on my last controller install if Cisco removed Default SNMP settings, as this bug is marked fixed. I also wonder if the Cross site scripting vuln, is a privilege escalation (IE, you have to be authenticated on the box already say with a lobby ambassador account, and perform a privilege escalation attack to work up to administrator) All that being said, the web GUI should be secured, and if it's well known exploits in that it's common on web-interfaces, Cisco should utilized better security practices when coding the web-interface. Mike On Fri, Apr 16, 2010 at 1:31 PM, <j...@nww.com> wrote: > Dear folks, > > > > This may be something you're already familiar with. But I'm passing it on > for what it's worth…. > > > > Someone just sent me this link, to a ZDnet story apparently reporting on a > presentation at BlackHat/Europe conference. > http://www.zdnet.co.uk/news/security-threats/2010/04/16/security-researchers-demo-cisco-wi-fi-flaws-40088653/?tag=mncol;txt > > > > BUT don't click on that yet! > > > > The story ABOUT the presentation seems a big dicey to me. (A better one -- > based on a quick skim -- seems to be this story at DarkReading, which > interviewed the presenter, Enno Rey, before BlackHat > http://www.darkreading.com/vulnerability_management/security/perimeter/showArticle.jhtml?articleID=224202409 > .) > > > > I've done some additional digging, and I think the same team presented the > same material at the recent SchmooCon. > > > > Here's the SchmooCon video: http://www.ustream.tv/recorded/4500990 > > > > FYI, here's the link to the capsule BlackHat session summary and the > presenters: http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html > > > > The presenter in both is Enno Rey, with ERNW GmbH, based in Germany. Their > English language website is here > http://ernw.de/content/e15/e26/index_eng.html > > > > Rey mentions an infosec blog: http://www.insinuator.net/ > > > > I've only checked the opening minutes of the video. Rey is looking at 2 > Cisco WLAN "architecturs" -- SWAN and the current CUWN. Apparently a big > part of the presentation is potential problems in the Cisco's proprietary > Wireless LAN Context Control Protocol (WLCCP). > > > > There you go….I'll pull this together for a blogpost > http://www.networkworld.com/community/blog/2989 at Network World later > today. Unless you all tell me this was old news from 2 years ago or > something…. > > > > Regards, > > John Cox > > ______________________________________________________ > > > > *J o h n C o x * > > Senior Editor > > Main: 508.766.5301 | Direct: 508.766.5422 > > Office at home: 978-834-0554 > > > > *NETWORK**WORLD* > > Maximize Your Return on IT > > 492 Old Connecticut Path | Framingham, MA 01701-9002 > > ______________________________________________________ > > NetworkWorld.com <http://www.networkworld.com/> | 2009 Media > Guide<http://www.networkworld.com/media/> | > Conferences and Events <http://www.networkworld.com/events/> > > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
