Forum

Message Type : Security Advisory
Title: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
URLs:
http://www.cisco.com/en/US/customer/products/products_security_advisory09186a0080a6c1dd.shtml
(available to registered users)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml
(available to non-registered users)
Posted: February 4, 2009

Summary: Multiple vulnerabilities exist in the Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers. This security advisory outlines details of the following
vulnerabilities:

* Denial of Service Vulnerabilities (total of three)
* Privilege Escalation Vulnerability

These vulnerabilities are independent of each other.
Cisco has released free software updates that address these vulnerabilities.
There are no workarounds available for these vulnerabilities.
Update on Wednesday, February 4, 2009 at 10:59PM by Registered CommenterGeorge

UPDATE:

Cisco today released four security alerts and patches for its Cisco Wireless LAN Controller. It also released an additional two more security alerts regarding Oracle Software (go figure?). Cisco rates three of the four WLAN alerts as mild and one as moderate. All have fixes available for download. These vulnerabilities affect all of Cisco???¡é?¡é?????¡é???¡és wireless LAN controllers, including the Catalyst 6500 and 7600 wireless modules, with software version 4.2 or higher.Here are the details per the Cisco's Security Center site.

Cisco Wireless LAN Controller Privilege Escalation Vulnerability

This is a hole in the default configuration of the Wireless LAN Controller local management service. It is due to an error in the device when it handles requests for the local management service. An authenticated, remote attacker could exploit the vulnerability to gain administrative permissions, resulting in complete control of the device. Cisco rates the severity of this vulnerability as moderate.

Cisco Wireless LAN Controller Web Authentication Denial of Service Vulnerability

This is a vulnerability that could allow an unauthenticated, remote attacker to create a denial of service condition. Cisco rates the severity of this vulnerability as mild. It is due to an error in the web authentication process when the device handles packets designed to exploit the hole. An unauthenticated, remote attacker would exploit this vulnerability by sending evil packets to the affected system. When the packet is processed, the device may reload, resulting in a denial of service condition.

Cisco Wireless LAN Controller Malformed POST Message Handling Denial of Service Vulnerability

Similarly, this is a vulnerability due to an error when the device handles certain invalid POST requests to the web authentication page. If an attacker deliberately sends a malformed POST request, it could force the device to reload, resulting in a DoS condition. Cisco rates the severity of this threat as mild.

Cisco Wireless LAN Controller IP Packet Handling Denial of Service Vulnerability

Cisco Wireless LAN Controller versions 4.1 and later contain a hole due to an error when handling certain IP packets. An unauthenticated, remote attacker could exploit this vulnerability by sending a malicious IP packet to the affected device, which may cause the Cisco WLC to restart or become unresponsive, resulting in a DoS condition. Exploit code is out there for this vulnerability, Cisco says, but rates the overall severity of the exploit as mild.