Menu
Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products

Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products

One of the vulnerabilities is critical and the rest are rated as high severity

Cisco Systems has released patches to fix serious denial-of-service flaws in its Wireless LAN Controller (WLC) software, Cisco Adaptive Security Appliance (ASA) software and the Secure Real-Time Transport Protocol (SRTP) library that's used in many products.

The Cisco WLC software contains two denial-of-service vulnerabilities, one of which is rated critical and could be exploited by an unauthenticated attacker through specially crafted HTTP requests sent to the device. This can cause a buffer overflow condition that, in addition to a device reload, might also allow for execution of arbitrary code on the device.

The second vulnerability, rated high, stems from how the Cisco WLC software handles Bonjour traffic and can be exploited in a similar manner as the HTTP one to cause a device reload.

A third DoS vulnerability was patched in the Cisco AireOS software that also runs on some of the company's Wireless LAN Controller devices. It can be exploited by an unauthenticated hacker by attempting to access a URL that is not generally accessible from and supported by the device's management interface.

The software, used in the Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers and the Cisco Adaptive Security Virtual Appliance (ASAv), has a flaw stemming from an insufficient validation of DHCPv6 packets.

The vulnerability only affects the Cisco ASA Software if it's configured with the DHCPv6 relay feature and can only be triggered by IPv6 traffic, Cisco said in an advisory.

Finally, a DoS vulnerability in libSRTP that could be exploited through specially crafted SRTP packets, was fixed through software updates for multiple products that use the library for some features. The list of affected products is long but includes Cisco WebEx Meetings Server, Cisco Jabber, Cisco Adaptive Security Appliance (ASA) Software, Cisco IOS XE Software and many Cisco voice and unified communications devices.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments