SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   Cisco Wireless LAN Controller
Vendors:   Cisco
Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service
SecurityTracker Alert ID:  1029865
SecurityTracker URL:  http://securitytracker.com/id/1029865
CVE Reference:   CVE-2014-0701, CVE-2014-0703, CVE-2014-0704, CVE-2014-0705, CVE-2014-0706, CVE-2014-0707
Date:  Mar 5 2014
Impact:   Denial of service via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Several vulnerabilities were reported in Cisco Wireless LAN Controller (WLC). A remote user can gain unauthorized access to the target system. A remote user can cause denial of service conditions.

A remote user can send a large number of WebAuth requests at a high rate to trigger a memory allocation flaw, consume all available memory on the target device, and cause the device to restart [CVE-2014-0701]. The vendor has assigned bug ID CSCuf52361 to this vulnerability.

A remote user can trigger a race condition in the administrative HTTP server of a target Cisco Aironet 1260, 2600, 3500, and 3600 Series access point to gain access to the administrative HTTP server even if it has been explicitly disabled [CVE-2014-0703]. Then, the remote user can use locally-stored credentials (if they have not been changed) to gain privileged access to the target device. The vendor has assigned bug ID CSCuf66202 to this vulnerability.

A remote user can send specially crafted IGMPv3 messages to trigger a memory over-read error and cause the target WLC to restart [CVE-2014-0704]. The vendor has assigned bug ID CSCuh33240 to this vulnerability.

A remote user can send a specially crafted MLDv2 packet to the multicast listener discovery (MLD) service of a target WLC configured for IPv6 to cause the target device to restart [CVE-2014-0705]. Systems configured for MLDv2 Snooping (not the default) are affected. The vendor has assigned bug ID CSCuh74233 to this vulnerability.

A remote user can send a specially crafted Ethernet 802.11 frame to trigger an unspecified flaw and cause denial of service conditions [CVE-2014-0706]. The vendor has assigned bug ID CSCue87929 to this vulnerability.

A remote user can send a specially crafted Ethernet 802.11 frame to trigger an unspecified flaw and cause denial of service conditions [CVE-2014-0707]. The vendor has assigned bug ID CSCuf80681 to this vulnerability.

Impact:   A remote user can gain unauthorized access to the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix (7.0.250.0, 7.4.121.0, 7.6.100.0).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc
Cause:   Access control error, State error

Message History:   None.


 Source Message Contents

Subject:  Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Advisory ID: cisco-sa-20140305-wlc

Revision 1.0

For Public Release 2014 March 5 16:00  UTC (GMT)

Summary
=======

The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities:
* Cisco Wireless LAN Controller Denial of Service Vulnerability
* Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability
* Cisco Wireless LAN Controller IGMP Version 3 Denial of Service Vulnerability
* Cisco Wireless LAN Controller MLDv2 Denial of Service Vulnerability
* Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability
* Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability

Cisco has released free software updates that address these vulnerabilities. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc