Cisco sounds security alarm over WLAN controller vulnerabilities

Users of networking giant's WLAN product family urged to install software updates.

Danger sign

System administrators are being ordered to install software updates for their Cisco wireless LAN (WLAN) controllers following the discovery of multiple security vulnerabilities.

Networking titan Cisco has released a security advisory about the issue, which is known to affect 17 members of the firm's WLAN controller product family, including several models that have now reached end-of-software maintenance.

A full list of the affected models can be found here.

The vulnerabilities include a Denial of Service (DoS) flaw, which affects connectors configured with a wireless intrusion prevention system, that could let hackers reload devices by sending specially crafted IP packets to them.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Successful exploitation of the DoS vulnerabilities could allow an unauthenticated attacker to cause an affected device to reload. Repeated exploitation could result in a sustained DoS condition," advised Cisco.

Another flaw, affecting the HTTP profiling feature of Cisco WLAN devices, could allow hackers to execute arbitrary code using a UserAgent string, Cisco warned.

"Only Cisco WLAN Connector software version 7.3.101.0 is affected by this vulnerability, [and a] device is vulnerable only if the HTTP profiling feature is enabled," said the company's security advisory.

Meanwhile, a further vulnerability could provide attackers with unauthorised access to the device and allow them to modify its configuration, Cisco warned.

The company has released a series of free software updates to address these security holes, but said it had no reason to suggest that any of the reported vulnerabilities have been exploited by attackers.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/business-strategy/collaboration/354660/cisco-webex-will-use-voice-tools-to-exploit-next-frontier-of
collaboration

Cisco WebEx will use voice tools to exploit ‘next frontier’ of data insights

29 Jan 2020
Visit/infrastructure/network-internet/354629/what-to-expect-from-cisco-live-2020
Network & Internet

What to expect from Cisco Live 2020

24 Jan 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/operating-systems/microsoft-windows/354739/windows-7-bug-blocks-users-from-shutting-down-their-pcs
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020
Visit/hardware/354723/coronavirus-starts-to-take-its-toll-on-the-tech-industry
Hardware

Coronavirus starts to take its toll on the tech industry

6 Feb 2020