
Network World

Jim Duffy

Cisco fixes critical WLAN flaws, warns Microsoft hole puts Cisco Unity at risk

Patches are available for WLAN flaws but not yet for the Unity vulnerability.

By Jim Duffy on Tue, 07/28/09 - 4:15pm.

Cisco on Tuesday warned users of its Unity unified communications products that they are at risk from a flaw in Microsoft Internet Explorer that spurred Microsoft into an emergency, out-of-band patch. In addition, Cisco on Monday released a patch to fix multiple flaws in its WLAN controllers that affect a long list of Cisco routers.

The Active Template Library (ATL) vulnerability is a hole that Microsoft scrambled to fix on Tuesday, before researchers at Black Hat demonstrate on Wednesday how to exploit it. More specifically, the hole stemmed from a flaw in Microsoft development products: code built with the development tools contained the flaw. After months of investigation, researchers thought they had fixed the hole via a killbit in Internet Explorer. A killbit tells an app not to run certain types of code. Researchers tomorrow will be demonstrating how to override killbit workarounds. Hence, Microsoft is quickly pushing out a patch, but the Cisco Unity 4.x, 5.x, and 7.x products are at risk. Cisco explains:

"Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site."

Yesterday, Cisco issued a patch for a range of routers that fixes several critical holes in its WLAN controllers.
Cisco 1500 Series, 2000 Series, 2100 Series, 4400 Series, 4100 Series, 4200 Series, Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Cisco Catalyst 3750G Integrated Wireless LAN Controllers are affected.

Some of the holes can lead to DoS attacks and others can allow a remote attacker to gain full control over the Wireless LAN Controller. Patches and workarounds have been released to address all of the holes, Cisco says.

Earlier this month, Cisco released a patch that fixed a vulnerability in the Unified Contact Center Express Administration Pages, too. Cisco explains:

"Cisco Unified Contact Center Express (Cisco Unified CCX) server contains both a directory traversal vulnerability and a script injection vulnerability in the administration pages of the Customer Response Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) products. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack."

- Posted by Cisco Subnet editor Julie Bort.

About The Cisco Connection

The Cisco Subnet blog is written by Network World managing editor Jim Duffy.
