[原文]The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.
Cisco Wireless Access Point Local User List Only Configuration Weakness Authentication Bypass
Remote / Network Access,
Loss of Confidentiality
Cisco Wireless Access Point contains a flaw that may allow a malicious user to gain unauthorized administrative access. The issue is triggered when the 'Local User List Only' mode is turned on, which removes all security and password configurations. It is possible that the flaw may allow remote users to access the system resulting in a loss of confidentiality.
Upgrade to version 12.3(8)JA2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.