|
|
>> Cisco Wireless LAN Controller Security Bypass and Denial of Service Vulnerabilities
|
Multiple vulnerabilities have been identified in Cisco Wireless LAN Controller (WLC), which could be exploited by attackers to cause a denial of service or gain unauthorized access to a vulnerable network.
The first issue is caused by the presence of commonly known ("public" and "private") read-only and read-write SNMP community strings, which could be exploited by attackers to read or modify the configuration of the WLC via SNMP.
The second vulnerability is caused by an error when processing malformed Ethernet traffic, which could allow unauthenticated attackers on a local network segment to crash the WLC, creating a denial of service condition.
The third issue is caused by errors in the Network Processing Unit (NPU) when processing specially crafted SNAP packets, malformed 802.11 traffic, or packets with unexpected length values in certain headers, which could be exploited by unauthenticated attackers on a local wireless network segment to prevent the WLC from passing traffic, resulting in either a partial or complete denial of service condition.
The fourth vulnerability is caused by the presence of a hard-coded service password that is used for troubleshooting, which could be exploited by an attacker with physical access to take control of an affected Lightweight Access Point.
The fifth issue is caused by an error when processing certain WLAN ACLs, which could cause the WLAN ACL configuration to be saved with an invalid checksum, resulting in a silent and unexpected change to the security posture of a wireless network.
Affected Products
Cisco Wireless LAN Controller (WLC) versions 4.0.x
Cisco Wireless LAN Controller (WLC) versions 3.2.x
Cisco 4400 Series Wireless LAN Controllers
Cisco 2100 Series Wireless LAN Controllers
Cisco Wireless LAN Controller Module
Cisco Catalyst 6500 Series Wireless Services Module (WiSM)
Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers
Cisco Wireless LAN Controller Module
Cisco Aironet 1000 Series
Cisco Aironet 1500 Series
Cisco Aironet 1400 Series
Cisco Aironet 1300 Series
Cisco Aironet 1240 AG Series
Cisco Aironet 1230 AG Series
Cisco Aironet 1200 Series
Cisco Aironet 1130 AG Series
Cisco Aironet 1100 Series
Solution
Apply fixes :
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml#software
References
http://www.vupen.com/english/advisories/2007/1368
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml
Credits
Vulnerabilities reported by the vendor
ChangeLog
2007-04-13 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
