FRAMINGHAM (12/08/2003) - Cisco Systems Inc. is warning customers using its Aironet wireless access points about a security vulnerability that could let attackers obtain keys used to secure communications on wireless networks. The vulnerability affects Aironet 1100, 1200 and 1400 series access points and could let Wired Equivalent Privacy keys be sent as plain text over corporate networks that use an SNMP server and have a specific option enabled on the access point, Cisco says. To be vulnerable, organizations have to be using an affected Aironet model with the IOS software, have an SNMP server deployed, be using static WEP keys for encryption and have enabled an option on the access point called "snmp-server enable traps wlan-wep." That option is disabled by default on Aironet access points, Cisco says. Cisco has issued a patch for vulnerable versions of the IOS software, 12.2(13)JA1.
[]