Multiple Vulnerabilities in Cisco Wireless LAN Controller

Posted: January 24, 2013 in Vulnerabilities
Tags: , ,

Cisco logoVulnerability: Vulnerabilities in Cisco Wireless LAN Controller

Danger level: High
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2013-1102
CVE-2013-1103
CVE-2013-1105

Vector of operation: Remote
Impact: Denial of service
System compromise

Affected Products: Cisco Wireless LAN Controller (WLC) 7.x, Cisco 2500 Series Wireless Controllers, Cisco Wireless LAN Controller Module, Cisco 4400 Series Wireless LAN Controller, Cisco 2000 Series Wireless LAN Controller, Cisco 2100 Series Wireless LAN Controller.

Affected versions: Cisco WLC Software 7.3.101.0

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

1. An error exists in the Cisco WLC configured with Wireless Intrusion Prevention System (wIPS). This can be exploited via a specially crafted network packet to cause a denial-of-service systems.

2. An error exists in the Cisco Wireless Access Point (AP), managed Cisco Wireless LAN Controller (WLC). This can be exploited via a specially crafted Session Initiation Protocol (SIP) packet to cause a denial-of-service systems.

3. The vulnerability is caused due to an unspecified error. The remote user is connected to a wireless network can view and change the configuration of the device, even if the «management over wireless» disabled.

Manufacturer URL: http://www.sisco.com/

Solution: To resolve the vulnerability patch from the manufacturer.

Links:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s