Cisco warns of four WLAN controller vulnerabilities
Cisco Wednesday issued a security alert warning of a quartet of vulnerabilities affecting all of its wireless LAN controllers, including the Catalyst 6500 and 7600 wireless modules, with software version 4.2 or higher.
Three are denial-of-service attacks. The fourth, specific to one particular software version, could allow a restricted user to gain full administrative rights to the controller. The DoS attacks could cause the controllers to hang or reload, with repeated attacks creating a sustained service denial condition, according to the alert.
No workarounds for these vulnerabilities exist. But Cisco has posted software patches for all four of them.
[Compare enterprise WLAN products with our online Wireless & Mobile Product Guide]
Two of the DoS attacks are aimed at Web authentication. In one instance, the attacker can use a vulnerability scanner to cause the controller to stop servicing Web authentication for wireless clients, or cause the controller to reload. The second can trigger a controller reload by sending a malformed post to the Web authentication "login.html" page.
The third DoS attack involves the controller receiving "certain IP packets" that trigger a "DoS condition," causing the controller to become unresponsive. This is limited to software version 4.1 in the 4400 series, Catalyst 6500 Wireless Services Module, and 3750 Integrated Wireless LAN Controllers.
The last attack, classed as a "privilege escalation vulnerability," exists only in controller software version 4.2.173.0. A successful exploitation may allow an unauthenticated user to gain full administrative rights to the targeted controller.
» posted by ITworld staff
Network World
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
cisco
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
