Cisco Wireless LAN Controller Multipule Vulnerabilities

Last Update Date: 24 Jan 2013 12:17 Release Date: 24 Jan 2013 3556 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in Cisco Wireless LAN Controller. A remote authenticated user can execute arbitrary code and modify the configuration on the target system, and cause denial of service conditions.

  1. A remote user can send specially crafted IP packets to the target device configured with Wireless Intrusion Prevention System (wIPS) via the wired or wireless interfaces to cause the target device to reload.
  2. A remote user can send specially crafted Session Initiation Protocol (SIP) packets to the target wireless access point (managed by the WLC) via the wired or wireless interfaces to cause the target device to reload.
  3. A remote authenticated user can send a specially crafted UserAgent string via the wired or wireless interfaces to execute arbitrary code on the target system . Only systems with the HTTP Profiling feature enabled and running version 7.3.101.0 are affected.
  4. A remote authenticated user can view and modify the configuration of the target device via SNMP when the "management over wireless" feature is disabled.

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Cisco Wireless LAN Controller version 7.0, 7.1, 7.2, 7.3
  • The following product models are affected:
    • Cisco 2000 Series WLC
    • Cisco 2100 Series WLC
    • Cisco 2500 Series WLC
    • Cisco 4100 Series WLC
    • Cisco 4400 Series WLC
    • Cisco 5500 Series WLC
    • Cisco 7500 Series WLC
    • Cisco 8500 Series WLC
    • Cisco 500 Series Wireless Express Mobility Controllers
    • Cisco Wireless Services Module (Cisco WiSM)
    • Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
    • Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
    • Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
    • Cisco Catalyst 3750G Integrated WLCs
    • Cisco Flex 7500 Series Cloud Controller
    • Cisco Virtual Wireless Controller
    • Cisco Wireless Controller Software for Integrated Services Module 300 and
    • Cisco Services-Ready Engine 700, 710, 900, and 910

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (7.0.240.0, 7.2.111.3, 7.3.110.0)

Vulnerability Identifier

Source

Related Link

Share with

Previous

Google Chrome Multiple Vulnerabilities

24 Jan 2013 3532 Views

Next

Barracuda Products SSH backdoor vulnerability

25 Jan 2013 3548 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY