Cisco Patches WLC Security Holes

Friday, April 22, 2016 @ 05:04 PM gHale


Cisco updated its software patching critical and high severity denial-of-service (DoS) vulnerabilities.

The most serious of the flaws in its Wireless LAN Controller (WLC) products that rated as critical, is an issue related to the HTTP URL redirect feature of WLC software.

RELATED STORIES
Cisco Issues Security Updates
Cisco Patches Malware Detection Issue
Cisco Patches DoS Holes
USB Trojan Leaves No Trace

The vulnerability, which is the result of improper handling of HTTP traffic, allows an unauthenticated attacker to remotely trigger a buffer overflow and cause affected devices to enter a DoS condition.

The security hole affects Cisco WLC software versions 7.2, 7.3, 7.4 releases prior to 7.4.140.0(MD), 7.5, 7.6, and 8.0 releases prior to 8.0.115.0(ED).

Cisco WLC software suffers from a high severity vulnerability in the Bonjour task manager. By sending specially crafted Bonjour traffic to a vulnerable device, a remote attacker can cause it to enter a DoS condition.

The flaw exists in WLC software versions 7.4 prior to 7.4.130.0(MD), 7.5, 7.6, and 8.0 releases prior to 8.0.110.0(ED).

The last vulnerability related to Cisco WLC is in the web-based management interface of devices running AireOS software. A remote attacker can cause vulnerable devices to reload by accessing a URL not supported by the management interface. Cisco WLC devices running AireOS releases 4.1 through 7.4.120.0, all 7.5 releases, and release 7.6.100.0 suffer from the issue.

A DoS vulnerability has also been found in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) software. A remote, unauthenticated attacker can exploit the flaw to cause a DoS condition by sending specially crafted DHCPv6 packets to affected devices.

This high severity vulnerability only affects the 9.4.1 release of ASA software. Cisco ASA 5500-X series NGFs, ASA Services Module for Catalyst 6500 series switches and 7600 series routers, and Adaptive Security Virtual Appliances (ASAv) may be affected.

Another serious DoS vulnerability is in the Secure Real-Time Transport Protocol (SRTP) library (libSRTP). A remote attacker can trigger a DoS condition by sending malicious SRTP packets to the affected device.

This flaw impacts a wide range of Cisco products, including WebEx Meetings Server, Jabber, ASA software, IOS XE software, and over a dozen voice and unified communications devices.

Most of these vulnerabilities ended up discovered by Cisco’s own employees and there is no evidence any of them have been exploited for malicious purposes.