Cisco patches Wireless LAN Controllers
Cisco has reported that three DoS vulnerabilities and a privilege escalation vulnerability exist in the Cisco Wireless LAN Controllers (WLCs). The products affected are the Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and the Cisco Catalyst 3750 Integrated Wireless LAN Controllers. The Controllers are responsible for system-wide wireless LAN functions, such as security policies and intrusion prevention.
Attackers can exploit the three DoS vulnerabilities in the products by using prepared packets to stop a system, or cause a restart. Only WLC software version 18.104.22.168 is affected by the privilege escalation vulnerability. Cisco has assigned a CVS Score (Common Vulnerability Scoring System) of 9 to the issue.
Cisco is providing updates that correct the issues. A detailed overview of the vulnerable versions and updates can be found in the original report from Cisco.
- Multiple Vulnerabilities in Cisco Wireless LAN Controllers, a Cisco Security Advisory