Cisco fixes serious flaws in enterprise-grade Catalyst and Aironet access points

Cisco has released another batch of security updates, the most critical of which fixes a vulnerability that could allow unauthenticated, remote attackers to gain access to vulnerable Cisco Aironet wireless access points.

Cisco Aironet APs are enterprise-grade access points used for branch offices, campuses, organizations of all sizes, enterprise and carrier-operator Wi-Fi deployments, and so on.

Cisco Aironet vulnerabilities

During the resolution of a Cisco TAC support case, the company’s technicians discovered a number of vulnerabilities affecting several series of Cisco Aironet APs and Catalyst APs.

The most crucial one is CVE-2019-15260, which could be exploited by attackers by requesting specific URLs from an affected AP and allow them to gain access to the device with elevated privileges.

“While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP,” Cisco explained.

The other three – CVE-2019-15264, CVE-2019-15261 and CVE-2019-15265 – are less critical as the can “only” lead to DoS conditions.

There are no workarounds for any of the mentioned flaws, so administrators are advised to update to Cisco Aironet AP software releases 8.5.151.0 and later, 8.8.125.0 and later, and 8.9.111.0 and later to fix all of them. Release 8.10 is not vulnerable to any of them.

Finally, there is a separate DoS flaw that affects some of the Aironet devices: CVE-2019-15262 affects the SSH session management for Cisco Wireless LAN Controller (WLC) Software, and should also be fixed through a software upgrade.