Cisco patches Wi-Fi vulnerabilities

Cisco has issued two sets of patches for vulnerabilities in its wireless networking software.

In an advisory published on Thursday, Cisco warned that its Wireless Control System (WCS) contains multiple vulnerabilities that can result in information disclosure, privilege escalation and unauthorised access to the network.

The WCS works in conjunction with Cisco Aironet Lightweight Access Points, Cisco Wireless LAN Controllers and the Cisco Wireless Location Appliance by providing tools for planning and design, system configuration, location tracking, security monitoring and wireless LAN management.

Versions affected are those prior to 4.0.96.0.

In a second advisory, Cisco alerted IT managers to multiple vulnerabilities in its Wireless LAN Controller (WLC), routers and access points that could leave systems open to denial of service (DoS) attacks, information disclosure, access control list changes, or allow an attacker to gain full administrative access.

The WLC manages Cisco Aironet Access Points and is vulnerable to a malformed Ethernet traffic crash, multiple network processing unit lock-up vulnerabilities, and flawed default SNMP community strings.

Further details of affected versions and equipment can be found in the advisory.

Cisco urged customers owning the affected products to apply the patches, which can be found on its website via hyperlinks in the advisories.