COMMAND

    Cisco

SYSTEMS AFFECTED

    Cisco Aironet 340 Series Wireless Bridge

PROBLEM

    Following is based on a Cisco Security Advisory.  It is possible
    to view and  modify the bridge's  configuration via Web  interface
    even  when  Web  access  is  disabled  in the configuration.  This
    defect is documented as Cisco  bug ID CSCdt52783.  This  defect is
    present in the following hardware models:

        * Aironet AP4500,
        * Aironet AP4800,
        * Aironet BR100,
        * Aironet BR500,
        * Cisco Aironet AIR-BR340

    The firmware release  8.55 is the  first image which  contains the
    fix.   All  previous  firmware  releases  for  listed  devices are
    vulnerable.   No other  Aironet/Cisco Aironet  wireless product is
    affect by this vulnerability.  This advisory is available at the

        http://www.cisco.com/warp/public/707/Aironet340-pub.shtml

    The following hardware models are affected:

        * Aironet AP4500,
        * Aironet AP4800,
        * Aironet BR100,
        * Aironet BR500,
        * Cisco Aironet AIR-BR340

    They are vulnerable to this defect if they are running any of  the
    following firmware releases:

        * 7.X
        * 8.07
        * 8.24

    It  is  possible  to  view  and modify the bridge's configuration,
    using Web interface, despite  it being explicitly disabled.   This
    vulnerability  is  exploitable  over  the  wired and wireless link
    alike.

    An attacker is able to  modify the bridge's configuration.   It is
    necessary for an  attacker to obtain  connectivity to the  bridge.
    That  can  be  done  either  using  wired  or  wireless   Ethernet
    interface.

SOLUTION

    The release 8.55 is the first release where this vulnerability  is
    fixed.   No  other  Aironet/Cisco  Aironet  wireless  products are
    affected by this defect.

    There is no workaround if an attack is coming from wired  Ethernet
    interface.  To mitigate this vulnerability if an attack is  coming
    over the wireless link the following actions may be taken:

        * Change SSID to non guessable value
        * Turn on WEP encryption if possible
        * On  bridges  (BR100,  BR500  and AIR-BR340) turn off  access
          point mode.  That will disallow direct access to the  bridge
          by any client.