Menu
Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products

Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products

One of the vulnerabilities is critical and the rest are rated as high severity

Cisco Systems has released patches to fix serious denial-of-service flaws in its Wireless LAN Controller (WLC) software, Cisco Adaptive Security Appliance (ASA) software and the Secure Real-Time Transport Protocol (SRTP) library that's used in many products.

The Cisco WLC software contains two denial-of-service vulnerabilities, one of which is rated critical and could be exploited by an unauthenticated attacker through specially crafted HTTP requests sent to the device. This can cause a buffer overflow condition that, in addition to a device reload, might also allow for execution of arbitrary code on the device.

The second vulnerability, rated high, stems from how the Cisco WLC software handles Bonjour traffic and can be exploited in a similar manner as the HTTP one to cause a device reload.

A third DoS vulnerability was patched in the Cisco AireOS software that also runs on some of the company's Wireless LAN Controller devices. It can be exploited by an unauthenticated hacker by attempting to access a URL that is not generally accessible from and supported by the device's management interface.

The software, used in the Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers and the Cisco Adaptive Security Virtual Appliance (ASAv), has a flaw stemming from an insufficient validation of DHCPv6 packets.

The vulnerability only affects the Cisco ASA Software if it's configured with the DHCPv6 relay feature and can only be triggered by IPv6 traffic, Cisco said in an advisory.

Finally, a DoS vulnerability in libSRTP that could be exploited through specially crafted SRTP packets, was fixed through software updates for multiple products that use the library for some features. The list of affected products is long but includes Cisco WebEx Meetings Server, Cisco Jabber, Cisco Adaptive Security Appliance (ASA) Software, Cisco IOS XE Software and many Cisco voice and unified communications devices.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments