Vulnerability: Vulnerabilities in Cisco Wireless LAN Controller
Danger level: High
Patch: Yes
Number of vulnerabilities: 3
CVE ID: CVE-2013-1102
CVE-2013-1103
CVE-2013-1105
Vector of operation: Remote
Impact: Denial of service
System compromise
Affected Products: Cisco Wireless LAN Controller (WLC) 7.x, Cisco 2500 Series Wireless Controllers, Cisco Wireless LAN Controller Module, Cisco 4400 Series Wireless LAN Controller, Cisco 2000 Series Wireless LAN Controller, Cisco 2100 Series Wireless LAN Controller.
Affected versions: Cisco WLC Software 7.3.101.0
Description:
Which can be exploited by malicious people to execute arbitrary code on the target system.
1. An error exists in the Cisco WLC configured with Wireless Intrusion Prevention System (wIPS). This can be exploited via a specially crafted network packet to cause a denial-of-service systems.
2. An error exists in the Cisco Wireless Access Point (AP), managed Cisco Wireless LAN Controller (WLC). This can be exploited via a specially crafted Session Initiation Protocol (SIP) packet to cause a denial-of-service systems.
3. The vulnerability is caused due to an unspecified error. The remote user is connected to a wireless network can view and change the configuration of the device, even if the «management over wireless» disabled.
Manufacturer URL: http://www.sisco.com/
Solution: To resolve the vulnerability patch from the manufacturer.
Links:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc