
Cisco Warns That Certain Software Flaws Could Be Exploited by Hackers

Cisco Warns of Security Flaw That Could Give Hackers Control

Network equipment giant Cisco Systems Inc. warned its customers of a vulnerability that could allow hackers to take control of some of its products.

The problem involves a default username and password that are wired into the devices' software and can't be deactivated without a software update, according to a Cisco security advisory released Wednesday.

"Any user who logs in using this username has complete control of the device," the advisory said. "One can add new users or modify details of the existing users, and change the device's configuration."

The flaws affect Cisco's Wireless LAN Solution Engine, which is used for managing wireless access points, and the company's Hosting Solution Engine software, which is used in corporate data centers.

Hackers could target the wireless engine and hide a rogue access point, which could then be used to steal confidential information. The backdoor also could be exploited to change settings, resulting in outages.

The data center software flaw could be used to redirect a Web site, resulting in a loss of business. The vulnerabilities also could be used as a launching pad for cyberattacks, Cisco warned.

The company said it was not aware of any instances in which the flaws have been exploited. It has released a software update that resolves the problem.

Kim Otzman, a Cisco spokeswoman, said the company discovered the flaw during its own security audit of products.

Shares of Cisco closed at $24.15, down nine cents, in 4 p.m. trading Thursday on the Nasdaq Stock Market.
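
Cisco Warns That Certain Software Flaws Could Be Exploited by Hackers

Network equipment giant Cisco Systems Inc. (CSCO, "Cisco") has warned customers that flaws in some Cisco software could be exploited by hackers to take control of its products.

According to a security advisory Cisco released Wednesday, the problem involves a default username and password pair built into the device software; the pair can be disabled only through a software update.

The advisory said that any user who logs in with this username has complete control of the device, can add new users or modify the details of existing users, and can change the device's configuration.

The affected Cisco software includes the Wireless LAN Solution Engine, used to manage wireless access points, and the Hosting Solution Engine, used in corporate data centers.

Hackers could target the wireless engine and hide an access point that could later be used to steal confidential information. The flaw could also be used to change settings, causing outages.

The data center software flaw could be used to redirect a Web site, resulting in lost business. Cisco warned that the flaws could also be used to launch cyberattacks.

Cisco said it was not aware of any instances in which the flaws have been exploited. It has released a software update to resolve the problems.

Cisco spokeswoman Kim Otzman said the company discovered the flaws during its own security audit of its products.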