Cisco’s wireless LANs could be open to a ‘SkyJack’

Attackers have the potential to cause enterprise disruption through denial of service.

Some Cisco LAN (Local Area Network) devices have a vulnerability that could allow a hacker to hit them with a Denial of Service (DoS) attack.

According to a Cisco alert, the flaw is due to the devices not having enough security for wireless access point association sequences.

An attacker could exploit the vulnerability by injecting malicious packets into the wireless network, where newly added access points are seeking controllers.

With the exploit the attacker could make the LAN device associate with a rogue' controller, preventing the device from servicing network clients and resulting in a DoS.

Security firm AirMagnet originally found the vulnerability, calling it SkyJacking'. It said that if the Cisco access point connected to the rogue' controller, it could lead outside an enterprise and therefore be under outside control.

"This same mechanism could be done intentionally by a hacker to purposely SkyJack access points and take control of an enterprise's access point," said the company.

However, Cisco replied that there was no risk of data loss or interception at the rogue access point or wireless LAN controller, and that a DoS would be the only problem.

The Cisco Lightweight Wireless Access Point 1100 and 1200 series devices are affected. Cisco said that software updates were not yet available.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Sopra Steria cyber attack costs to hit €50 million
Security

Sopra Steria cyber attack costs to hit €50 million

26 Nov 2020
Sophos warns customers of potential data leak
Security

Sophos warns customers of potential data leak

26 Nov 2020
Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron
Security

Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron

26 Nov 2020
Egregor ransomware could take up where Maze left off
Security

Egregor ransomware could take up where Maze left off

26 Nov 2020

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
Weekly threat roundup: Cisco, BlueKeep, Apache Unomi
Security

Weekly threat roundup: Cisco, BlueKeep, Apache Unomi

19 Nov 2020