Cisco AP Skyjacking
This latest vulnerability on Cisco WLAN (AP Skyjacking) points out the importance for customers to deploy overlay WIPS to have a zero day response capabilities in place. Making changes to your WLAN controller, APs, and firewalls takes time and new vulnerabilities like this will continue to surface.
A dangerous exploit that can be carried out using this vulnerability is for a hacker to route an enterprise customer’s Cisco AP to WLC deployed out in the Internet and change the Guest SSID to map to an internal enterprise VLAN (using REAP mode supported on Cisco APs); see below for Pravin’s comments.
AirTight is the only WIPS vendor who can detect this dangerous exploit (i.e. Guest SSID mapped to incorrect VLAN) and prevent this scenario. Using AirTight WIPS, you can map WLAN SSID-to-VLAN security policy (i.e. wireless-to-wired security policy mapping) thus allowing you to detect this misconfiguration and prevent a hacker from exploiting this. Using Cisco WLC+WCS+MSE or other third-party WIDS/WIPS, this scenario will go undetected for sometime thus allowing the hacker access into the customer’s enterprise network.
Customers should pay immediate attention to this vulnerability and change their default settings on their Cisco APs (i.e. out of the box configuration) and put zero day response strategy for vulnerabilities like this in the future.