Cisco warns of flaws in wireless LAN controllers

The flaws could be used to launch denial-of-service attacks or to give attackers admin privileges, the networking company says
Written by Tom Espiner, Contributor on

Networking company Cisco has warned of multiple vulnerabilities in its wireless LAN controllers.

There are three denial-of-service (DoS) vulnerabilities and one privilege-escalation issue, the networking company said in an advisory on Wednesday. The flaws affect Cisco 4400 Series Wireless LAN Controllers (WLCs), Cisco Catalyst 6500/7600 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers.

The software versions affected by the flaws include 4.1, 4.2, 5.0, 5.1, and 5.2.

An attacker could exploit the denial-of-service flaws to cause an affected device to hang or reload, and repeated attacks could lead to a sustained denial of service, Cisco said. The privilege-escalation vulnerability could allow an authenticated attacker to gain administrative rights on a system.

Cisco has released updates to address the vulnerabilities, but there are no workarounds for businesses unable to apply the fixes. Customers with service contracts should visit Cisco's Software Center for patches, and customers without service contracts should contact the Cisco Technical Assistance Center. Those using third-party support should contact their support providers, Cisco said.

The vulnerabilities were found through customer testing, Cisco said, noting that it is not aware of any malicious exploitation of the flaws.
