Cisco Systems has urgently released patches for a range of wireless products after security firm Net Assurance discovered vulnerabilities within these products.
Specifically, Assurance identified security flaws in the Cisco Wireless LAN Solution Engine, Cisco Hosting Solution Engine (HSE), Ethernet Subscriber Solution Engine (ESSE), CiscoWorks2000 Service Management Solution (SMS), Cisco VLAN Policy Server (VPS), and the ME1100 Series of the Cisco Management Engine.
Cisco officially announced these patches on April 20, following assistance from Assurance since January 31, 2006, to address the related issues.
Adam Pointon, the CEO of Assurance, stated that these vulnerabilities are easily exploitable and could allow the installation of a “rogue administrator” account to gain access to the operational system by entering a special command into Cisco’s command-line administrative interface.
“Successfully exploiting these security flaws could enable a rogue administrator account to install unauthorized software on devices without detection. That is truly a serious issue.”
Neal Wise from Assurance emphasized that if these devices are not properly maintained, they could become a liability for businesses. However, Wise also praised Cisco’s ability to quickly address the vulnerabilities.
A spokesperson for Cisco stated that there have been no attacks exploiting the aforementioned vulnerabilities to date. Customers are urged to promptly update the patches through the company’s website.
Hoàng Dũng
