nsane.forums Posted September 9, 2010 Share Posted September 9, 2010 Cisco is warning that its Wireless LAN Controller (WLC) product family is affected by seven separate security vulnerabilities that could allow a remote attacker to launch denial-of-service attacks, modify device configurations, or bypass access control lists. In an alert issued today, Cisco warned that there are no workarounds to mitigate these issues and urged affected users to apply the available patches. The skinny: Two denial of service (DoS) vulnerabilitiesThree privilege escalation vulnerabilitiesTwo access control list (ACL) bypass vulnerabilities In the case of the DoS vulnerabilities, an attacker with the ability to send a malicious IKE or HTTP packets to an affected Cisco WLC could cause the device to crash and reload. Cisco said these vulnerabilities can be exploited from both wired and wireless segments. The company also called attention to three privilege escalation vulnerabilities that could allow an authenticated attacker with read-only privileges to modify the device configuration. Two separate ACL bypass flaws could allow an unauthenticated attacker to bypass policies that should be enforced by CPU-based ACLs. View: Original Article Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.