Cisco Warns Of Vulnerabilities In WLAN Controller Lines
Cisco lists eight product lines affected by at least one of the stated vulnerabilities, including Cisco 2000, 2100, 4100, 4400 and 5500 series wireless LAN controllers, Cisco Wireless Services Modules, Cisco wireless LAN controller modules for Integrated Services Routers, and Cisco Catalyst 3750G integrated wireless LAN controllers.
The DoS vulnerabilities are of the Internet Key Exchange (IKE) and HTTP varieties. The IKE DoS affects Cisco wireless LAN controller software versions 3.2 and later, according to Cisco, while the HTTP vulnerability affects versions 4.2 and later.
The privilege escalation vulnerabilities affect versions 4.2 and later, while one of the ACL vulnerabilities affects versions 4.1 and later, and the other affects version 6.0, Cisco noted.
According to Cisco, the vulnerabilities are independent of each other. Cisco has issued software updates, and said in its advisory that no workarounds are available, but it offers instructions about how to determine which software versions are running on users' wireless LAN controllers.