Cisco releases four security patches for its WLAN controller

Cisco today released four security alerts and patches for its Cisco Wireless LAN Controller. It also released two additional security alerts regarding Oracle software (go figure?). Cisco rates three of the four WLAN alerts as mild and one as moderate. All have fixes available for download. These vulnerabilities affect all of Cisco’s wireless LAN controllers, including the Catalyst 6500 and 7600 wireless modules, with software version 4.2 or higher. Here are the details, per Cisco's Security Center site.

Cisco Wireless LAN Controller Privilege Escalation Vulnerability

This is a hole in the default configuration of the Wireless LAN Controller local management service. It is due to an error in the device when it handles requests for the local management service. An authenticated, remote attacker could exploit the vulnerability to gain administrative permissions, resulting in complete control of the device. Cisco rates the severity of this vulnerability as moderate.

Cisco Wireless LAN Controller Web Authentication Denial of Service Vulnerability

This is a vulnerability that could allow an unauthenticated, remote attacker to create a denial of service condition. Cisco rates the severity of this vulnerability as mild. It is due to an error in the web authentication process when the device handles packets designed to exploit the hole. An unauthenticated, remote attacker would exploit this vulnerability by sending evil packets to the affected system. When the packet is processed, the device may reload, resulting in a denial of service condition.

Cisco Wireless LAN Controller Malformed POST Message Handling Denial of Service Vulnerability

Similarly, this is a vulnerability due to an error when the device handles certain invalid POST requests to the web authentication page. If an attacker deliberately sends a malformed POST request, it could force the device to reload, resulting in a DoS condition. Cisco rates the severity of this threat as mild.

Cisco Wireless LAN Controller IP Packet Handling Denial of Service Vulnerability

Cisco Wireless LAN Controller versions 4.1 and later contain a hole due to an error when handling certain IP packets. An unauthenticated, remote attacker could exploit this vulnerability by sending a malicious IP packet to the affected device, which may cause the Cisco WLC to restart or become unresponsive, resulting in a DoS condition. Exploit code is out there for this vulnerability, Cisco says, but it rates the overall severity of the exploit as mild.
