
Cisco warning: Serious flaws in Wireless LAN controllers

Written by Ryan Naraine, Contributor

Routing and switching giant Cisco has released an alert to warn of multiple security flaws in some of its Wireless LAN controllers.

The company documented at least four vulnerabilities that could lead to denial-of-service or privilege escalation attacks.  Affected product lines include Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers.

The skinny:

  • CVE-2009-0058: Web authentication is a Layer 3 security feature that causes the controller to drop IP traffic (except DHCP and DNS related packets) from a particular client until that client has correctly supplied a valid username and password.
  • CVE-2009-0059: An attacker may cause a device reload by sending a malformed POST to the web authentication "login.html" page.
  • CVE-2009-0061: Affected Cisco WLC, WiSM and Catalyst 3750 Wireless LAN Controller models are vulnerable to a DoS condition that is triggered by the receipt of certain IP packets. Upon receiving these IP packets, the affected device may become unresponsive and require a reboot to recover.
  • CVE-2009-0062: A privilege escalation vulnerability exists only in WLC software version 4.2.173.0, and could allow a restricted user (i.e., Lobby Admin) to gain full administrative rights on the affected system.

One of these flaws carries a CVSS Base Score of 9.0, meaning it should be treated as a "high priority" update.
