J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1537
    posted: 11/06/09
  • NSM Daily Update #1537
    posted: 11/06/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1537
    posted: 11/06/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/06/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/05/09

Title: Cisco Wireless Lan Controller Multiple Remote Vulnerabilities

Severity: CRITICAL

Description:

The Cisco Wireless LAN Controller (WLC) manages Cisco Aironet access points using the Lightweight Access Point Protocol (LWAPP).

The Cisco Wireless LAN Controller is prone to multiple remote vulnerabilities:

- An unauthorized-access vulnerability. Specifically, WLC uses commonly known values of 'public' and 'private' for read-write and read-only SNMP community strings. This may allow an attacker to gain administrative access to the affected device. This issue is being monitored by Cisco Bug ID CSCse02384.

- A denial-of-service vulnerability when handling malformed Ethernet traffic. This vulnerability is monitored by Cisco Bug ID CSCsc90179.

- Multiple denial-of-service vulnerabilities in the Network Processing Unit (NPU) when handling specially crafted network packets. Specifically, the application fails to handle malformed SNAP packets, 802.1 traffic, and packets with unexpected length values in certain headers. Since each NPU runs independently and handles two of the ports of the WLC, this issue may result in a partial or complete inability to forward network traffic. These issues are monitored by Cisco Bug ID CSCsg36361, CSCsg15901, and CSCsh10841.

- A password-disclosure vulnerability in the Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points. Specifcally, the device contains a hard-coded service password for troubleshooting. This service is accessible only through a physical connection to the console port. This issue is being monitored by Cisco Bug ID CSCsg15192

- A vulnerability that prevents the WLAN's ACLs from being installed. Specifically, the WLAN ACL configurations are saved with an invalid checksum. When the configuration file is reloaded during boot time, the checksum fails, preventing the ACLs from being installed. This vulnerability is documented by Cisco Bug ID CSCse58195.

An attacker can exploit these issues to completely compromise the affected device, cause a denial-of-service condition, obtain potentially sensitive information, and gain unauthorized access to the affected device.

Affected Products:

  • Cisco 2000 Wireless LAN Controller (WLC)
  • Cisco 2100 Wireless LAN Controller (WLC)
  • Cisco 4100 Wireless LAN Controller (WLC)
  • Cisco 4400 Wireless LAN Controller (WLC)
  • Cisco Aironet 1000
  • Cisco Aironet 1500
  • Cisco Catalyst 3750 Series Integrated Wireless LAN Cont
  • Cisco Catalyst 6500 Series Wireless Services Module
  • Cisco Wireless LAN Controller Module

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.