Cisco has patched a number of vulnerabilities in its Wireless LAN Controller (WLC) family of products, including several bugs that allowed denial of service attacks.
Six vulnerabilities have been fixed in the update, including a denial of service security hole in the WebAuth feature of WLCs that allowed unauthenticated remote attackers to cause a device to reload. This could be replicated repeatedly to consume all memory on a device and leave it essentially unusable.
Four more WLC denial of service vulnerabilities received a plaster, including an IGMP processing subsystem weakness, an MLD service bug, a critical error hole, and a controller crafted frame vulnerability.
Another bug in the Cisco IOS code that allowed unauthorised access to associated access points in Cisco Aironet 1260, 2600, 3500, and 3600 Series devices by Cisco WLCs was also addressed.
Admins can mitigate the associated access point issue by configuring Global AP Management Credentials on their devices. There are no workarounds for the denial of service vulnerabilities.
Affected devices include the Cisco 500 Series Wireless Express Mobility Controllers, the Cisco 2000, 2100, 4100, and 4400 Wireless LAN Controllers, the Cisco 2500, 5500, and 8500 Wireless Controllers, and the Cisco Flex 7500 Series and Virtual Wireless Controllers.
Additional modular controllers affected include the Cisco Catalyst 6500 Series and 7600 Series, the Wireless Services Module version 2, the NME-AIR WLC and NM-AIR-WLC Modules for Integrated Services Routers, the Catalyst 3750G Integrated WLC, and the Wireless Controller Software for Services-Ready Engine.
Cisco urged customers to check with their maintenance providers before deploying the patch in case of any compatibility issues.
Via The Register