nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Stop us if you've heard this: Cisco Aironet has hard-coded passwords

Get patching, friends

By Richard Chirgwin, 6 Apr 2017

Cisco's discovered that its Mobility Express Software, shipped with Aironet 1830 Series and 1850 Series access points, has a hard-coded admin-level SSH password.

The default credentials open affected devices to remote exploitation if an attacker has “layer 3 connectivity to an affected device”.

The bug is in access points running “an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point”.

Switchzilla's advisory adds that “this advisory is part of a collection” for the Aironet 1830/1850 series.

Also strutting the catwalk in the Aironet Spring Catalogue:

Patches are available to fix up these design blunders. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing