Users have been warned of a security flaw in Cisco
wireless local area network controllers that could allow attackers
to send malicious traffic on secured Wi-Fi networks.
The problem affects large Wi-Fi networks using Cisco 1200, 1131
and 1240 series Wi-Fi access points that are controlled by Cisco
2000 and 4400 series wireless Lan controllers. The bug does not
affect smaller networks.
Controllers are used to control larger numbers of access points,
and to manage functions such as security policies and intrusion
prevention features.
Because of the reported flaw, access points may accept
unencrypted incoming traffic, even if the points have been
configured to accept only encrypted traffic.
An attacker could exploit this flaw to unleash malicious traffic
on a supposedly secure wireless network, the company said.
Cisco has released a software update to make sure the affected
controllers fully protect users' networks.
Cisco has also recently issued a patch to protect a security
hole in its main IOS router operating system. The update fixes a
heap-overflow vulnerability in IOS.
The flaw was originally to be revealed at the Black Hat hackers'
convention, but Cisco went to court to prevent full details of the
vulnerability being disclosed.