Security flaws haunt Cisco Wireless LAN Controller

Cisco is warning that its Wireless LAN Controller (WLC) product family is affected by seven separate security  vulnerabilities that could allow  a remote attacker to launch denial-of-service attacks, modify device configurations, or bypass access control lists.In an alert issued today, Cisco warned that there are no workarounds to mitigate these issues and urged affected users to apply the available patches.

Cisco is warning that its Wireless LAN Controller (WLC) product family is affected by seven separate security  vulnerabilities that could allow  a remote attacker to launch denial-of-service attacks, modify device configurations, or bypass access control lists.

In an alert issued today, Cisco warned that there are no workarounds to mitigate these issues and urged affected users to apply the available patches.

The skinny:

  • Two denial of service (DoS) vulnerabilities
  • follow Ryan Naraine on twitter
  • Three privilege escalation vulnerabilities
  • Two access control list (ACL) bypass vulnerabilities

In the case of the DoS vulnerabilities, an  attacker with the ability to send a malicious IKE or HTTP packets to an affected Cisco WLC could cause the device to crash and reload. Cisco said these vulnerabilities can be exploited from both wired and wireless segments.

The company also called attention to three privilege escalation vulnerabilities that could allow an authenticated attacker with read-only privileges to modify the device configuration.

Two separate ACL bypass flaws could allow an unauthenticated attacker to bypass policies that should be enforced by CPU-based ACLs.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All