• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Cisco Enterprise Wireless (Wi-Fi) Equipment DoS Vulnerability Discovered

February 6, 2009

Views: 4,963

[ad]

If your organisation is using any kind of Cisco Wi-Fi kit it may be time to get the latest patches for your kit. Although they state there is no proof that hackers have used this attack in the wild – in my experience if Cisco have discovered this now, someone else probably knew about it earlier.

There are multiple vulnerabilities mostly concerning malformed packets sent to the web authentication interface which can cause a reload or hanging of the hardware device.

Cisco is urging admins to update their wireless LAN hardware following the discovery of multiple vulnerabilities in its enterprise Wi-Fi kit.

Security flaws in Cisco Wireless LAN Controllers, Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers create a mechanism for hackers to knock over vulnerable hardware.

All Cisco Wireless LAN Controllers running version 4.2 of the network giant’s software are affected by a pair of denial of service flaws. A third DoS flaw affects software versions 4.1 and later.

The denial of service bugs include a flaw in the handling of Web authentication, which can cause an affected device to reload, and a separate flaw (that also affects version 4.1 of the software) that means vulnerable kit can freeze up on receipt of malformed data packets.

Even if you have recent software (version 4.1) it’s also vulnerable to a separate flaw, which also needs to be patched. I’d imagine now the news is out, even if no one had discovered this previously a little bit of reverse engineering with yield some proof or concept or even a working exploit for these flaws.

You need to check your model numbers though as not all wireless devices are affected.

The same set of potential problems affects Cisco Catalyst 6500 Series/7600 Series Wireless Services Module and Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers but not the equivalent wireless modules on Cisco 2800 and 3800 series Integrated Services Routers. Cisco 2000 and 2100 Series Wireless LAN Controllers are also unaffected by the vulnerability.

The denial of service problem is not the only issue to consider. Version 4.2.173.0 of Cisco’s Wireless LAN controller software is affected by a privilege escalation vulnerability. The security bug creates a means for an ordinary user to gain full administrative rights.

“Successful exploitation of the denial of service vulnerabilities may cause the affected device to hang or reload,” a security advisory from Cisco explains. “Repeated exploitation could result in a sustained DoS condition. The privilege escalation vulnerability may allow an authenticated user to obtain full administrative rights on the affected system.”

One of the flaws is a little more serious resulting in privilege escalation, the end result being administrative access. It does say though you need to be an authenticated user to achieve this – but as they say the majority of attacks come from within an organisation anyway.

As always be wary, and keep your patches up to date. A lot of organisations I’ve audited are very good on patching software, their antivirus is updated daily, Windows updates are applied regularly but often I’ve found hardware and especially Cisco devices woefully out of date.

The problem was discussed here a while ago with the Cisco Vulnerability Given ‘Write Once, Run Anywhere’ Treatement. Cisco needs to make it easier and more efficient for people to update their devices.

Source: The Register

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Exploits/Vulnerabilities, Hardware Hacking, Networking Hacking Tools Tagged With: cisco, cisco exploit, Hardware Hacking, Network Hacking, vulnerabilities



Reader Interactions

Comments

  1. cbrp1r8 says

    February 9, 2009 at 2:35 pm

    “my experience if Cisco have discovered this now, someone else probably knew about it earlier.”

    You can take that to the bank! :D

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 285

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 493

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 490

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Shell3r - Powerful Shellcode Obfuscator for Offensive Security

Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Views: 687

If antivirus and EDR vendors are getting smarter, so are the tools that red teamers and penetration … ...More about Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Views: 8,466

Introduction: How Much of the Internet Can You See? You're only scratching the surface when you … ...More about Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

DataSurgeon is an open-source Linux-based data extraction and transformation tool designed for forensic investigations and recovery scenarios.

DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux

Views: 468

DataSurgeon is an open-source Linux-based data extraction and transformation tool designed for … ...More about DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (227)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (73)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,291,646)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,069)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,614)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,675)
  • Password List Download Best Word List – Most Common Passwords (933,462)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,130)
  • Hack Tools/Exploits (673,286)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,143)

Search

Recent Posts

  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025
  • Shell3r – Powerful Shellcode Obfuscator for Offensive Security May 2, 2025
  • Understanding the Deep Web, Dark Web, and Darknet (2025 Guide) April 30, 2025
  • DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux April 28, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy