Cisco wireless LAN vulnerability could open 'back door'

25.08.2009

It could even happen accidentally. The Cisco AP might hear broadcasts from a legitimate neighboring network and mistakenly connect to that network, he said. Or a hacker could create that same scenario intentionally in order to take control of the AP, he said.

A hacker on the outside with control of that AP could see all the traffic connecting over that AP, and would also have the potential to access the enterprise's full network, Williamson said.

The vulnerability affects all of Cisco's "lightweight" APs, meaning the kind that work in conjunction with a controller, he said. That includes most of the APs Cisco has released since it acquired Airespace in 2005, he said.

Cisco spokesman Ed Tan said AirMagnet has alerted the company to the problem and that Cisco is investigating. Cisco said it takes security vulnerabilities "very seriously."

"Our standard practice is to issue public Security Advisories or other appropriate communications that include corrective measures so customers can address any issues," the company said in a statement. "For that reason we do not provide comment on specific vulnerabilities until they have been publicly reported -- consistent with our well-established disclosure process."