Cisco sounds security alarm over WLAN controller vulnerabilities

Users of networking giant's WLAN product family urged to install software updates.


System administrators are being ordered to install software updates for their Cisco wireless LAN (WLAN) controllers following the discovery of multiple security vulnerabilities.

Networking titan Cisco has released a security advisory about the issue, which is known to affect 17 members of the firm's WLAN controller product family, including several models that have now reached end-of-software maintenance.

A full list of the affected models can be found here.

The vulnerabilities include a Denial of Service (DoS) flaw, which affects connectors configured with a wireless intrusion prevention system, that could let hackers reload devices by sending specially crafted IP packets to them.

"Successful exploitation of the DoS vulnerabilities could allow an unauthenticated attacker to cause an affected device to reload. Repeated exploitation could result in a sustained DoS condition," advised Cisco.

Another flaw, affecting the HTTP profiling feature of Cisco WLAN devices, could allow hackers to execute arbitrary code using a User-Agent string, Cisco warned.

"Only Cisco WLAN Connector software version 7.3.101.0 is affected by this vulnerability, [and a] device is vulnerable only if the HTTP profiling feature is enabled," said the company's security advisory.

Meanwhile, a further vulnerability could provide attackers with unauthorised access to the device and allow them to modify its configuration, Cisco warned.

The company has released a series of free software updates to address these security holes, but said it had no reason to believe that any of the reported vulnerabilities had been exploited by attackers.
