Latest (27th April 2011) Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of Service Vulnerability


Apr 28, 2011 4:10 AM

Latest (27th April 2011) Cisco Security Advisory for WLC (DoS)

The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability where an unauthenticated attacker could cause a device reload by sending a series of ICMP packets.

Cisco has released free software updates that address this vulnerability. There are no available workarounds to mitigate this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml

This vulnerability affects Cisco WLC software versions 6.0 and later. The following products are affected by the vulnerability described in this Security Advisory:-

  • Cisco 2100 Series Wireless LAN Controllers
  • Cisco WLC526 Mobility Express Controller (AIR-WLC526-K9)
  • Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
  • Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)

Note: The Cisco NM-AIR-WLC modules have reached End-of-Life and End-of-Software Maintenance. Please refer to the following document for more information: http://www.cisco.com/en/US/prod/collateral/modules/ps2797/prod_end-of-life_notice0900aecd806aeb34.html

The following Cisco Wireless LAN Controllers are not affected by this vulnerability:-


  • Cisco 2000 Series WLCs
  • Cisco 2500 Series WLCs
  • Cisco 4100 Series WLCs
  • Cisco 4400 Series WLCs
  • Cisco Catalyst 3750G Integrated WLCs
  • Cisco 5500 Series WLCs
  • Cisco Wireless Services Modules (WiSMs, both WiSM and WiSM2)
  • Cisco Wireless Services Ready Engine (SRE) Modules
  • Cisco Flex 7500 Series Cloud Controllers

No other Cisco products are currently known to be affected by this vulnerability.

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.

If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable.


Affected Release    First Fixed Release
----------------    -------------------------
4.0                 Not Vulnerable
4.1                 Not Vulnerable
4.1M                Not Vulnerable
4.2                 Not Vulnerable
4.2M                Not Vulnerable
5.0                 Not Vulnerable
5.1                 Not Vulnerable
5.2                 Not Vulnerable
6.0                 6.0.200.0
7.0                 7.0.98.216 and 7.0.112.0
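
The "earlier than the First Fixed Release" rule and the affected-product list above, applied to a controller inventory. This is an added Python example, not part of the Cisco advisory. The family labels, host names and software versions in INVENTORY are constructed, and the way the two 7.0 fixed releases are combined is an assumption stated in the code.

```python
import re

# Product families the advisory lists as affected (labels shortened here).
AFFECTED_FAMILIES = {"Cisco 2100 Series WLC", "Cisco WLC526",
                     "Cisco NME-AIR-WLC", "Cisco NM-AIR-WLC"}
# "First Fixed Release" column of the advisory table, keyed by release train.
FIRST_FIXED = {(6, 0): [(6, 0, 200, 0)], (7, 0): [(7, 0, 98, 216), (7, 0, 112, 0)]}

INVENTORY = [  # constructed sample data: (host, family, software version)
    ("wlc-branch-01", "Cisco 2100 Series WLC", "6.0.199.4"),
    ("wlc-branch-02", "Cisco 2100 Series WLC", "7.0.98.0"),
    ("wlc-branch-03", "Cisco WLC526", "7.0.98.218"),
    ("wlc-core-01", "Cisco 5500 Series WLC", "7.0.98.0"),
    ("wlc-lab-01", "Cisco NME-AIR-WLC", "5.2.193.0"),
]


def parse(version):
    """'7.0.98.0' -> (7, 0, 98, 0); short versions are padded with zeros."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(family, version):
    """Return 'not affected', 'vulnerable', 'fixed' or 'check advisory'."""
    if family not in AFFECTED_FAMILIES:
        return "not affected"      # platform is not in the affected list
    v = parse(version)
    if v[:2] < (6, 0):
        return "not affected"      # 4.x and 5.x trains: Not Vulnerable
    fixes = FIRST_FIXED.get(v[:2])
    if fixes is None:
        return "check advisory"    # train is not in the table; do not guess
    # Assumption: when a train lists two fixed releases, the lower one covers
    # only its own maintenance branch (same first three fields) and the
    # higher one covers every release at or above it.
    if v >= max(fixes) or any(v[:3] == f[:3] and v >= f for f in fixes):
        return "fixed"
    return "vulnerable"


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(family, version) for host, family, version in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:15} {status}")
```

Because the advisory lists no workarounds, every host reported as vulnerable needs the software upgrade.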


There are no available workarounds to mitigate this vulnerability.


Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.


Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html , or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml .

Reference Links:-

For detailed information, please visit the "SECURITY ADVISORY" page

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7950e.shtml


Cisco Security Advisories and Notices - "HOME PAGE"

http://www.cisco.com/en/US/products/products_security_advisories_listing.html
