Latest Cisco WLAN vulnerabilities fixed
Cisco has released patches for several internally discovered vulnerabilities in its Aironet Lightweight Access Points, WLC access point controllers and WCS WLAN management software, which provides monitoring, support and management services for Cisco wireless networking.
The Aironet LAPs have a common hard-coded service password. Models 1000 and 1500 are affected. The WLC uses well-known default SNMP community strings, can lock up due to malformed traffic, and fails to apply WLAN ACLs on reboot. Models 4400, 2100 and the Wireless LAN Controller Module are affected, as are WLAN modules and controllers for the Catalyst 6500 and 3750 product ranges.
The WCS has fixed user credentials for its backup FTP service, suffers from a privilege escalation vulnerability that allows group membership to be changed by users, and can be persuaded to disclose network topology information to unauthenticated users. All versions prior to 4.0.96.0 are affected.
Cisco has made free software available to affected customers to address all these vulnerabilities, and has given several of them (notably those affecting credentials) CVSS base scores of between 5 and 10. Applying these patches must therefore be considered a high priority for affected users.
See also:
- Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points, Cisco advisory
- Multiple Vulnerabilities in the Cisco Wireless Control System, Cisco advisory
(mba)