Situation
Cisco has released a patch to update Aironet Access Point software for their wireless controllers and access points. This is to prevent a vulnerability that allows for insufficient access control for certain URLs on an affected device. This could result in denial of service, remote reset of end devices, modification of the SSID wireless ID information, and view sensitive information on the network.
Problem
Unpatched Cisco Aironet controllers and access points could allow for an attacker to gain access to the device with elevated privileges.
Implication
If an attacker is able to exploit this vulnerability they could then view sensitive information and replace some options with values of their choosing, including wireless network configurations, as well as the viewing of sensitive information. An attacker could also disable the access point, creating a denial of service (DoS) condition for clients associated with that access point.
Need
Make sure that your Cisco Aironet controllers and access points are up to date with the most recent software version. Version and additional details can be found in the link below.
