Cisco warns customers of vulnerability

/ Source: The Associated Press

Network equipment giant Cisco Systems Inc. warned its customers of a vulnerability that could allow hackers to take control of some of its products.

The problem involves a default username and password that are wired into the devices' software and can't be deactivated without a software update, according to a Cisco security advisory released Wednesday.

"Any user who logs in using this username has complete control of the device," the advisory said. "One can add new users or modify details of the existing users, and change the device's configuration."

The flaws affect Cisco's Wireless LAN Solution Engine, which is used for managing wireless access points, and the company's Hosting Solution Engine software, which is used in corporate data centers.

Hackers could target the wireless engine and hide a rogue access point, which could then be used to steal confidential information. The backdoor also could be exploited to change settings, resulting in outages.

The data center software flaw could be used to redirect a Web site, resulting in a loss of business. The vulnerabilities also could be used as a launching pad for cyberattacks, Cisco warned.

The company said it was not aware of any instances in which the flaws have been exploited. It has released a software update that resolves the problem.

Kim Otzman, a Cisco spokeswoman, said the company discovered the flaw during its own security audit of products.