Networking hardware company Cisco released patches for critical security vulnerabilities in its Aironet Access Point Software. Security pros at Cisco stated that the vulnerabilities could allow bad actors to achieve remote code execution.
If exploited, the vulnerabilities, tracked as CVE-2019-15260, CVE-2019-15261, and CVE-2019-15264, could allow an attacker to view sensitive information, tamper with wireless network configurations, and cause a denial of service. Cisco has released fixes for all three high-severity flaws affecting its Access Point Software.
“The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges,” Cisco said in a report.
“The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected AP. An attacker could exploit this vulnerability by associating to a vulnerable AP, initiating a PPTP VPN connection to an arbitrary PPTP VPN server, and sending a malicious GRE frame through the data plane of the AP,” Cisco added.
Cisco recently released an open-source hardware tool dubbed ‘4CAN’ to find security vulnerabilities in connected cars. The tool will allow automobile security researchers and car manufacturers to identify potential flaws in the sensors and control systems of modern cars. Cisco stated that vulnerabilities in the control systems might pose serious threats to cars by allowing attackers to take control of the vehicle’s system.
“To help secure modern automobile technology, Cisco has dedicated resources for automobile security. The Customer Experience Assessment & Penetration Team (CX APT) represents the integration of experts from the NDS, Neohapsis, and Portcullis acquisitions. This team provides a variety of security assessment and attack simulation services to customers around the globe. CX APT specializes in identifying vulnerabilities in connected vehicle components,” Cisco said in a statement.