2 min
Compliance
Malicious SSIDs And Web Apps
On February 13th 2013, Cisco released a security notice related to CVE-2013-1131
[http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1131]
. According to Cisco, the vulnerability is due to improper validation of the
Service Set Identifier (SSID) when performing a "site survey" to discover other
wireless networks. On the face of it, this vulnerability seems to be low-risk.
Indeed, site surveys are not often performed and an adversary would need to
either be incredibly luc