Three facilitate DoS attacks and one privilege escalation

Feb 5, 2009 13:27 GMT
Cisco patches several vulnerabilities that affect its wireless LAN controllers

Cisco has published a security advisory announcing four vulnerabilities, which affect all of its Wireless LAN Controller (WLC) platforms. The company has also released security patches in order to mitigate the risks.

The most serious of the four flaws is rated by Cisco as moderate, and exploiting it can allow a remote attacker to obtain administrative rights on the device. It is caused by an error that occurs when requests for the local management service are processed. Fortunately, this vulnerability affects only controllers running WLC software version 4.2.173.0, and to exploit it successfully, the attacker must be authenticated as a restricted user.

Another vulnerability allows an unauthenticated remote attacker to create a denial of service situation by rebooting the device. This is achieved by sending a maliciously crafted IP request to the web authentication process via the login.html page. During this attack the device does not crash, although the console message invokes the "Cisco Crash Handler".

A second DoS flaw also targets the web authentication service. A remote attacker can use a vulnerability scanner to force the device to reload or to stop servicing web authentication for legitimate clients.

The fourth vulnerability only affects 4.1 and later versions of the software found in the Cisco 4400 series WLCs, Cisco Catalyst 6500 WiSM, and the Cisco Catalyst 3750 Integrated Wireless LAN Controllers. The flaw allows a remote attacker to create a denial of service condition by sending a malformed IP packet to the device, which causes it to crash. If this situation occurs, the controller needs a manual reboot.

The Cisco Product Security Incident Response Team (PSIRT) advises that there is no workaround for these vulnerabilities, and that affected clients should apply the software updates. However, it warns that "Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment."

These vulnerabilities were detected during internal testing or while resolving received support tickets. "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory," the document notes. These bugs are identified in the Common Vulnerabilities and Exposures system as CVE-2009-0062, CVE-2009-0059, CVE-2009-0058 and CVE-2009-0061, respectively.