Information Security all in one place!

Posts tagged “cisco catalyst

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers


Cisco WLCs and Cisco WiSMs are responsible for system-wide wireless
LAN functions, such as security policies, intrusion prevention, RF
management, quality of service (QoS), and mobility.

These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP) and the Control and Provisioning of Wireless Access Points (CAPWAP) protocol.

The Cisco Wireless LAN Controller (WLC) product family is affected by
the following vulnerabilities:

* Cisco Wireless LAN Controllers HTTP Denial of Service Vulnerability
* Cisco Wireless LAN Controllers IPv6 Denial of Service Vulnerability
* Cisco Wireless LAN Controllers WebAuth Denial of Service Vulnerability
* Cisco Wireless LAN Controllers Unauthorized Access Vulnerability

Cisco has released free software updates that address these vulnerabilities. Workarounds are available that mitigate some of these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc

Affected Products

The Cisco WLC product family is affected by multiple vulnerabilities. Affected versions of Cisco ASA Software vary depending on the specific vulnerability.

Vulnerable Products

Each of the following products is affected by at least one of the vulnerabilities covered in this Security Advisory:

* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Modules (WiSM)
* Cisco Wireless Services Modules version 2 (WiSM version 2)
* Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controllers

Measures to mitigate these risks can be found here: http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20120229-wlc

Advertisements

Cisco Releases Multiple Security Advisories


Cisco has released six security advisories to address vulnerabilities affecting the following products:

* Cius Wifi devices running Cius Software Version 9.2(1) SR1 and prior

* Cisco Unified Communications Manager Software versions 6.x, 7.x, and 8.x

* Cisco Business Edition 3000, 5000, and 6000

* Cisco Unity Connection 7.1 and prior

* Cisco 2000, 2100, 2500, 4100, 4400, and 5500 Series Wireless LAN Controllers (WLCs)

* Cisco 500 Series Wireless Express Mobility Controllers

* Cisco Wireless Services Modules (WiSM) and (WiSM version 2)

* Cisco NME-AIR-WLC and NM-AIR-WLC Modules for Integrated Services Routers (ISRs)

* Cisco Catalyst 3750G Integrated WLC

* Cisco Flex 7500 Series Cloud Controllers

* Control, Expressway, and Starter Pack Express variants of Cisco

TelePresence Video Communication Server

* Cisco SRP 521W, 526W, and 527W

* Cisco SRP 521W-U, 526W-U, and 527W-U

* Cisco SRP 541W, 546W, and 547W

These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with escalated privileges and bypass security restrictions.