Softpedia
 


September 9th, 2010, 16:44 GMT · By

Cisco Fixes Multiple Wireless LAN Controller Vulnerabilities


Cisco plugs security holes in Wireless LAN Controller software
Cisco has released software updates to address security issues affecting multiple series of its Wireless LAN Controller (WLC) and Wireless Services Module (WiSM) devices.

"Cisco WLCs and Cisco WiSMs are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility.

"These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP) and the Control and Provisioning of Wireless Access Points (CAPWAP) protocol," Cisco explains.

The company has identified and fixed two denial of service (DoS), three privilege escalation and two access control list (ACL) bypass vulnerabilities.

A large number of devices running different WLC software versions are vulnerable to these flaws, but not necessarily to all of them.

The privilege escalation vulnerabilities, which affect Cisco WLC software versions 4.2 and later, are the most serious ones and carry a CVSS (Common Vulnerability Scoring System) base score of 9.0.

"These vulnerabilities can be exploited remotely with authentication and without end-user interaction. Successful exploitation of these vulnerabilities may allow an attacker with read-only privileges to modify the device configuration," the company says.

Meanwhile, the denial of service vulnerabilities can be exploited by sending spoofed IKE (Internet Key Exchange) packets over UDP port 500 and HTTP ones over TCP port 80.

The Access Control List flaws can only be leveraged to bypass policies enforced by CPU-based ACLs in particular, which apply to both wireless and wired traffic.

A table of affected software versions and the corresponding recommended updates is included in the security advisory along with the list of vulnerabilities that affect each of them.

The fixed software can be obtained through the Software Center on Cisco's website or from third-party providers, depending on each customer's service contract.
