You are here

V-076: Cisco Wireless LAN Controller Bugs Let Remote Users Deny Service and Remote Authenticated Users Modify the Configuration and Execute Arbitrary Code

January 24, 2013 - 6:00am

Addthis

PROBLEM:

Several vulnerabilities were reported in Cisco Wireless LAN Controller.

PLATFORM:

The vulnerabilities are reported in:
Cisco 2000 Series WLC
Cisco 2100 Series WLC
Cisco 2500 Series WLC
Cisco 4100 Series WLC
Cisco 4400 Series WLC
Cisco 5500 Series WLC
Cisco 7500 Series WLC
Cisco 8500 Series WLC
Cisco 500 Series Wireless Express Mobility Controllers
Cisco Wireless Services Module (Cisco WiSM)
Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
Cisco Catalyst 3750G Integrated WLCs
Cisco Flex 7500 Series Cloud Controller
Cisco Virtual Wireless Controller
Cisco Wireless Controller Software for Integrated Services Module 300 and Cisco Services-Ready Engine 700, 710, 900, and 910

ABSTRACT:

A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can modify the configuration on the target system. A remote user can cause denial of service conditions.

REFERENCE LINKS:

SecurityTracker Alert ID: 1028027
Cisco Security Advisory: cisco-sa-20130123-wlc
CVE-2013-1102  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1102
CVE-2013-1103  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1103
CVE-2013-1104  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1104
CVE-2013-1105  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1105

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by the following four vulnerabilities:

    Cisco Wireless LAN Controllers Wireless Intrusion Prevention System (wIPS) Denial of Service Vulnerability

    Cisco Wireless LAN Controllers Session Initiation Protocol Denial of Service Vulnerability

    Cisco Wireless LAN Controllers HTTP Profiling Remote Code Execution Vulnerability

    Cisco Wireless LAN Controllers SNMP Unauthorized Access Vulnerability

IMPACT:

Successful exploitation of the DoS vulnerabilities could allow an unauthenticated attacker to cause an affected device to reload. Repeated exploitation could result in a sustained DoS condition.

Successful exploitation of the HTTP Profiling Remote Code Execution Vulnerability could allow an authenticated, remote attacker to perform remote code execution on the affected device.

Successful exploitation of the unauthorized access vulnerability could allow an authenticated attacker to view or modify the device configuration even if "management over wireless" is disabled.

SOLUTION:

Vendor fixes are available at Cisco Support

Addthis