Cisco has issued a security warning for two products used to manage wireless local area network (LAN) and e-business services in data centres.
The company said that a username and password coded into all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software could give attackers complete control of the devices.
The warning states: "A user who logs in using this username has complete control of the device. This username cannot be disabled. There is no workaround."
CiscoWorks WLSE provides centralised management for the Cisco wireless LAN infrastructure. It unifies the other components in the solution and actively employs them to provide continual 'Air/RF' monitoring, network security and optimisation.
It also assists network managers by automating and simplifying mass configuration deployment, fault monitoring and alerting.
HSE monitors and activates a variety of e-business services in Cisco-powered data centres.
The warning adds: "Any user who logs in using this username has complete control of the device. One can add new users or modify details of the existing users, and change the device's configuration."
The company cautioned that this could result in system-wide outages, long-term loss of information confidentiality and integrity, and yield denial of service.
Cisco said it was unaware of any attacks that use the hard-coded login information, but has advised customers to install the appropriate software patch.
You can view the original article here... http://www.newsfactor.com/story.xhtml?story_title=C...y=netsecurity#story-start