Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
679
Views
0
Helpful
3
Replies

New Cisco vulnerabilities publically disclosed - demonstration exploit tutorial.

dazza_johnson
Level 5
Level 5

‎01-23-2013 08:03 PM - edited ‎07-03-2021 11:24 PM

Hi all.

I discovered a software vulnerability related to Cisco wireless LAN controllers back in June 2012. I immediately reported this to Cisco PSIRT (Product Security Incident Response Team). As of 23rd January 16:00 UTC, Cisco has released a public disclosure. It can be seen here.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc

I have documented a full demonstration of this exploit using my OG150 security drop box. If you are interested go to my website; http://www.og150.com/tutorials.php and download the PDF related to "Razzlerock Hack" - CVE ID CVE-2013-1105. Note: Cisco PSIRT are aware of this publically released document.

If you have any comments please let me know.

Thanks

DJ

Labels:
0 Helpful
3 Replies 3

David Watkins
Level 4
Level 4

‎02-13-2013 11:32 AM

Slick

This should help people see, very effectively, why they need to remove the default public/private community strings from their SNMP config of the WLC.  Nice work

0 Helpful

dazza_johnson
Level 5
Level 5
In response to David Watkins

‎02-13-2013 04:59 PM

Hi David, thanks for the response :-) You are exactly right, change the default community strings is a good place to start in mitigating this attack. There is also an enhancement request now filed to have NO default community strings enabled in the WLC software.

Thanks again, good to hear some feedback.

DJ

0 Helpful

George Stefanick
VIP Alumni
VIP Alumni
In response to dazza_johnson

‎02-13-2013 05:35 PM

I published back in 2009 how one can gather the IP address from the RRM packet, gain the controller IP, and use the default string with a 30 day demo of WCS... Network is toast ..

http://www.my80211.com/security-labs/2009/9/5/there-is-more-to-the-recent-cisco-wireless-otap-issue-that-i.html

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card