Cisco Small Biz Wi-Fi Products Remotely Vulnerable

Cisco has released patches for three vulnerabilities in its Secure Access Control System (ACS)

Meanwhile, Cisco has released patches for three vulnerabilities in its Secure Access Control System (ACS), including two serious flaws that could enable a remote attacker to take complete control of an affected system.

Cisco said in its advisory that the Wi-Fi vulnerability lies in an undocumented test interface in the Cisco WAP4410N Wireless-N Access Point, the Cisco WRVS4400N Wireless-N Gigabit Security Router and the Cisco RVS4000 4-port Gigabit Security Router.

“This vulnerability is due to an undocumented test interface in the TCP service listening on port 32764 of the affected device,” it explained. “An attacker could exploit this vulnerability by accessing the affected device from the LAN-side interface and issuing arbitrary commands in the underlying operating system.”

From there, an exploit could allow the attacker to access user credentials for the administrator account of the device, and read the device configuration. It could also allow the attacker to issue arbitrary commands on the device with escalated privileges, which could cause the device to become unresponsive or cause the device configuration to restore to the factory default.

Unfortunately, the vulnerability has been publicly disclosed and public exploit code is available, although the Cisco Product Security Incident Response Team (PSIRT) said that it “was not aware of any widespread exploitation at this time.”

Cisco said that it will release free software updates that address the vulnerabilities – timing was not revealed – but for now, workarounds that mitigate the issues are not available.

Meanwhile, Cisco has addressed three separate vulnerabilities in Secure ACS: a privilege-escalation flaw, an unauthenticated user access bug and an operating system command-injection flaw. 

The last two are serious: a vulnerability in the RMI interface could allow an unauthenticated, remote attacker to access the ACS via the RMI interface, Cisco said, while a vulnerability in the web interface of Cisco Secure ACS could allow an authenticated, remote attacker to inject operating system-level commands. In both cases, hackers could access the full system. For the former, an exploit could allow the attacker to access the ACS and perform administrative actions. An attacker could exploit the latter vulnerability by injecting operating system commands into a specific location of the ACS web interface.

“An exploit could allow the attacker to perform operating system-level commands without shell access, impacting the confidentiality, integrity or availability of the system,” Cisco said.
