Tuesday 7 September 2010

Security flaws haunt Cisco Wireless LAN Controller


Cisco is warning that its Wireless LAN Controller (WLC) product family is affected by seven separate security  vulnerabilities that could allow  a remote attacker to launch denial-of-service attacks, modify device configurations, or bypass access control lists.
In an alert issued today, Cisco warned that there are no workarounds to mitigate these issues and urged affected users to apply the available patches.
The skinny:
  • Two denial of service (DoS) vulnerabilities
  • Three privilege escalation vulnerabilities
  • Two access control list (ACL) bypass vulnerabilities
In the case of the DoS vulnerabilities, an  attacker with the ability to send a malicious IKE or HTTP packets to an affected Cisco WLC could cause the device to crash and reload. Cisco said these vulnerabilities can be exploited from both wired and wireless segments.
The company also called attention to three privilege escalation vulnerabilities that could allow an authenticated attacker with read-only privileges to modify the device configuration.
Two separate ACL bypass flaws could allow an unauthenticated attacker to bypass policies that should be enforced by CPU-based ACLs.

No comments:

Post a Comment