Cisco Wireless LAN Controllers Multiple vulnerabilities

Last Update Date: 6 Mar 2014 12:12 Release Date: 6 Mar 2014 4130 Views

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities have been identified in Cisco Wireless LAN Controllers. The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities:

Cisco Wireless LAN Controller Denial of Service Vulnerability
Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability
Cisco Wireless LAN Controller IGMP Version 3 Denial of Service Vulnerability
Cisco Wireless LAN Controller MLDv2 Denial of Service Vulnerability
Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability
Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability

Impact

Denial of Service
Elevation of Privilege
Security Restriction Bypass

System / Technologies affected

Cisco 500 Series Wireless Express Mobility Controllers
Cisco 2000 Series Wireless LAN Controllers
Cisco 2100 Series Wireless LAN Controllers
Cisco 2500 Series Wireless Controllers
Cisco 4100 Series Wireless LAN Controllers
Cisco 4400 Series Wireless LAN Controllers
Cisco 5500 Series Wireless Controllers
Cisco Flex 7500 Series Wireless Controllers
Cisco 8500 Series Wireless Controllers
Cisco Virtual Wireless Controller
Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (Cisco WiSM)
Cisco Wireless Services Module version 2 (WiSM2)
Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
Cisco Catalyst 3750G Integrated WLC
Cisco Wireless Controller Software for Services-Ready Engine (SRE)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Cisco has released free software updates that address these vulnerabilities.

Vulnerability Identifier

Source

AusCERT