Skip to Content

Cisco Wireless LAN Controller DoS Vulnerability

Cisco has released a security advisory for a vulnerability in some of their Wireless LAN Controllers (WLCs) which if exploited can cause the device to reload. This doesn't affect very many of their wireless controllers, but this is a serious enough vulnerability to warrant a code upgrade if you are running an affected code version on an impacted platform. 

What Platforms Are Affected?

This vulnerability affects Cisco WLC software versions 6.0 and later. The following products are affected by the vulnerability described in this Security Advisory:

  •     Cisco 2100 Series Wireless LAN Controllers
  •     Cisco WLC526 Mobility Express Controller (AIR-WLC526-K9)
  •     Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
  •     Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)

What versions Are Affected?

Here are the versions that are affected and the first fixed versions:
  • 6.0 is vulnerable, upgrade to at least 6.0.200.0 to fix it
  • 7.0 is vulnerable, upgrade to at least 7.0.98.216 and 7.0.112.0  to fix it

How do I get the updated software?

If you need to upgrade and have a service contract, log in to the support site and download a fixed version of code. If you don't have a support contract, you have to call their support and they'll give you instructions on how to download and install the fixed version. Cisco TAC can be reached via e-mail: tac@cisco.com and the following numbers:
+1 800 553 2447 (toll free from within North America)
+1 408 526 7209 (toll call from anywhere in the world)
 
For the full Security Advisory and more details, go here
No votes yet

Comments

Cisco CallManager DoS also

Cisco CallManager

Multiple vulnerabilities were reported in Cisco Unified
Communications Manager. A remote user can cause denial of service
conditions. A remote authenticated user can inject SQL commands. A
remote authenticated user can upload arbitrary files to the target
system.

Impact: Denial of service via network

Alert: http://www.cisco.com/en/US/products/products_security_advisory09186a0080...



Dr. Radut | blog