Cisco wireless controllers open to attack

Advisory describes seven vulnerabilities with no workarounds

Cisco this week issued a security advisory for its wireless LAN controllers, which are susceptible to seven vulnerabilities including denial of service, privilege escalation and access control list bypass. The advisory can be found here.

The affected products include the Cisco 2000, 2100, 4100, 4400 and 5500 series controllers; Wireless Services Modules (WiSMs); wireless LAN controller modules for the Cisco Integrated Services Routers; and integrated controllers for the Catalyst 3750G switch. The products are affected by at least one of the seven vulnerabilities.

There are two DoS vulnerabilities, three privilege escalation vulnerabilities and two ACL bypass holes. The DoS vulnerabilities are an Internet Key Exchange (IKE) DoS vulnerability and an HTTP DoS vulnerability.

The IKE glitch allows an attacker with the ability to send a malicious IKE packet to an affected Cisco controller to cause the device to crash and reload. This vulnerability can be exploited from both wired and wireless segments.

IKE is enabled by default in the controllers and cannot be disabled, the Cisco advisory states. Only traffic destined for the Cisco controller can trigger this vulnerability, not transit traffic, according to the advisory. The IKE DoS vulnerability affects Cisco controller software versions 3.2 and later.

The HTTP hole allows an authenticated attacker with the ability to send a series of malicious HTTP packets to an affected Cisco controller to cause the device to reload. This vulnerability can be exploited from both wired and wireless segments. A TCP three-way handshake is needed in order to exploit this vulnerability, the advisory states.

This vulnerability is also triggered only by traffic destined for the controller, not transit traffic.

The HTTP DoS vulnerability affects Cisco controller software versions 4.2 and later.

The three privilege escalation vulnerabilities could allow an authenticated attacker with read-only privileges to modify the device configuration. The privilege escalation vulnerabilities affect Cisco controller software versions 4.2 and later.

The ACL vulnerabilities involve traffic to and from wireless clients, or all traffic destined for the controller CPU. The vulnerabilities could allow an unauthenticated attacker to bypass policies that should be enforced by CPU-based ACLs. No other ACL types are affected by these vulnerabilities, the Cisco advisory states.

One of the two ACL bypass vulnerabilities affects Cisco controller software versions 4.1 and later. The second ACL bypass vulnerability affects Cisco controller software versions 6.0.x.

Cisco says it has released free software updates that address these vulnerabilities. There are no workarounds to mitigate them, the company says. Cisco also says it is not aware of any public announcements or malicious use of the vulnerabilities, which were found during internal testing and troubleshooting of customer service requests.


Copyright © 2010 IDG Communications, Inc.