SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   Cisco Wireless LAN Controller
Vendors:   Cisco
Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code
SecurityTracker Alert ID:  1028027
SecurityTracker URL:  http://securitytracker.com/id/1028027
CVE Reference:   CVE-2013-1102, CVE-2013-1103, CVE-2013-1104, CVE-2013-1105
Date:  Jan 23 2013
Impact:   Denial of service via network, Disclosure of system information, Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.0, 7.1, 7.2, 7.3
Description:   Several vulnerabilities were reported in Cisco Wireless LAN Controller. A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can modify the configuration on the target system. A remote user can cause denial of service conditions.

A remote user can send specially crafted IP packets to the target device configured with Wireless Intrusion Prevention System (wIPS) via the wired or wireless interfaces to cause the target device to reload [CVE-2013-1102]. Cisco has assigned Cisco bug ID CSCtx80743 to this vulnerability.

A remote user can send specially crafted Session Initiation Protocol (SIP) packets to the target wireless access point (managed by the WLC) via the wired or wireless interfaces to cause the target device to reload [CVE-2013-1103]. Cisco has assigned Cisco bug ID CSCts87659 to this vulnerability.

A remote authenticated user can send a specially crafted UserAgent string via the wired or wireless interfaces to execute arbitrary code on the target system [CVE-2013-1104]. Only systems with the HTTP Profiling feature enabled and running version 7.3.101.0 are affected. Cisco has assigned Cisco bug ID CSCuc15636 to this vulnerability.

A remote authenticated user can view and modify the configuration of the target device via SNMP when the "management over wireless" feature is disabled [CVE-2013-1105]. Cisco has assigned Cisco bug ID CSCua60653 to this vulnerability.

The following product models are affected by these vulnerabilities:

Cisco 2000 Series WLC
Cisco 2100 Series WLC
Cisco 2500 Series WLC
Cisco 4100 Series WLC
Cisco 4400 Series WLC
Cisco 5500 Series WLC
Cisco 7500 Series WLC
Cisco 8500 Series WLC
Cisco 500 Series Wireless Express Mobility Controllers
Cisco Wireless Services Module (Cisco WiSM)
Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
Cisco Catalyst 3750G Integrated WLCs
Cisco Flex 7500 Series Cloud Controller
Cisco Virtual Wireless Controller
Cisco Wireless Controller Software for Integrated Services Module 300 and Cisco Services-Ready Engine 700, 710, 900, and 910

Darren Johnson reported the SNMP vulnerability.

Impact:   A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user can modify the configuration on the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix (7.0.240.0, 7.2.111.3, 7.3.110.0).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
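
One way to triage a controller inventory against the releases named in this alert, as an added example that is not part of the SecurityTracker alert or the vendor's advisory. The inventory, the status labels, and the rule that any release older than the fixed release listed for its train needs the upgrade are assumptions.

```python
# Added example: triage WLC software versions against this alert's fields.
AFFECTED_TRAINS = {"7.0", "7.1", "7.2", "7.3"}   # "Version(s)" field
FIXED = {"7.0": "7.0.240.0", "7.2": "7.2.111.3", "7.3": "7.3.110.0"}  # "Solution" field
HTTP_PROFILING_RELEASE = "7.3.101.0"             # only release named for CVE-2013-1104


def parse(version):
    """Turn '7.3.101.0' into (7, 3, 101, 0); reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected WLC version string: {version!r}")
    return tuple(int(p) for p in parts)


def triage(version, http_profiling=False):
    """Return (status, notes) for one controller's software version."""
    v = parse(version)
    train = f"{v[0]}.{v[1]}"
    if train not in AFFECTED_TRAINS:
        return "not-listed", []          # the alert says nothing about this train
    fixed = FIXED.get(train)
    if fixed is None:
        # The alert lists 7.1 as affected but names no fixed 7.1 release.
        return "upgrade", [f"no fixed release listed for {train}; see vendor advisory"]
    # Compare numerically: as strings, '98' would sort after '240'.
    if v >= parse(fixed):                # assumption: later releases keep the fix
        return "fixed", []
    notes = [f"upgrade to {fixed} or later"]
    if v == parse(HTTP_PROFILING_RELEASE) and http_profiling:
        notes.append("CVE-2013-1104 applies: HTTP Profiling enabled on 7.3.101.0")
    return "upgrade", notes


# Constructed inventory: (hostname, version, HTTP Profiling enabled).
INVENTORY = [
    ("wlc-hq-1", "7.3.101.0", True),
    ("wlc-lab", "7.0.98.0", False),
    ("wlc-branch", "7.2.111.3", False),
    ("wlc-old", "7.1.91.0", False),
]


def report(inventory):
    """Map each hostname to its triage result."""
    return {host: triage(ver, prof) for host, ver, prof in inventory}


if __name__ == "__main__":
    for host, (status, notes) in report(INVENTORY).items():
        print(f"{host:12} {status:10} {'; '.join(notes)}")
```
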

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
Cause:   Not specified
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 23 Jan 2013 11:13:14 -0500
Subject:  Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Advisory ID: cisco-sa-20130123-wlc

Revision 1.0

For Public Release 2013 January 23 16:00  UTC (GMT)
- ----------------------------------------------------------------------

Summary
=======

The Cisco Wireless LAN Controller (Cisco WLC) product family is
affected by the following four vulnerabilities:

	Cisco Wireless LAN Controllers Wireless Intrusion Prevention
	System (wIPS) Denial of Service Vulnerability

	Cisco Wireless LAN Controllers Session Initiation Protocol Denial
	of Service Vulnerability

	Cisco Wireless LAN Controllers HTTP Profiling Remote Code
	Execution Vulnerability

	Cisco Wireless LAN Controllers SNMP Unauthorized Access
	Vulnerability

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate these vulnerabilities are
available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlD/9LgACgkQUddfH3/BbTqd2AEAjfwbSyTP5MOkZpmjQ/7ROsgt
cxqqo3ApRtSkrqQ8QIYA/0U7bOtjGo6TyrU8P/XRmTYHUR4pnJzcAY15nULCBXzM
=kd2V
-----END PGP SIGNATURE-----

Copyright 2014, SecurityGlobal.net LLC