PROBLEM:
Several vulnerabilities were reported in Cisco Wireless LAN Controller.
PLATFORM:
The vulnerabilities are reported in:
Cisco 2000 Series WLC
Cisco 2100 Series WLC
Cisco 2500 Series WLC
Cisco 4100 Series WLC
Cisco 4400 Series WLC
Cisco 5500 Series WLC
Cisco 7500 Series WLC
Cisco 8500 Series WLC
Cisco 500 Series Wireless Express Mobility Controllers
Cisco Wireless Services Module (Cisco WiSM)
Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
Cisco Catalyst 3750G Integrated WLCs
Cisco Flex 7500 Series Cloud Controller
Cisco Virtual Wireless Controller
Cisco Wireless Controller Software for Integrated Services Module 300 and Cisco Services-Ready Engine 700, 710, 900, and 910
ABSTRACT:
A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can modify the configuration on the target system. A remote user can cause denial of service conditions.
REFERENCE LINKS:
SecurityTracker Alert ID: 1028027
Cisco Security Advisory: cisco-sa-20130123-wlc
CVE-2013-1102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1102
CVE-2013-1103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1103
CVE-2013-1104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1104
CVE-2013-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1105
IMPACT ASSESSMENT:
Medium
DISCUSSION:
The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by the following four vulnerabilities:
Cisco Wireless LAN Controllers Wireless Intrusion Prevention System (wIPS) Denial of Service Vulnerability
Cisco Wireless LAN Controllers Session Initiation Protocol Denial of Service Vulnerability
Cisco Wireless LAN Controllers HTTP Profiling Remote Code Execution Vulnerability
Cisco Wireless LAN Controllers SNMP Unauthorized Access Vulnerability
IMPACT:
Successful exploitation of the DoS vulnerabilities could allow an unauthenticated attacker to cause an affected device to reload. Repeated exploitation could result in a sustained DoS condition.
Successful exploitation of the HTTP Profiling Remote Code Execution Vulnerability could allow an authenticated, remote attacker to perform remote code execution on the affected device.
Successful exploitation of the unauthorized access vulnerability could allow an authenticated attacker to view or modify the device configuration even if "management over wireless" is disabled.
SOLUTION:
Vendor fixes are available at Cisco Support