Menu
Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products

Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products

One of the vulnerabilities is critical and the rest are rated as high severity

Cisco Systems has released patches to fix serious denial-of-service flaws in its Wireless LAN Controller (WLC) software, Cisco Adaptive Security Appliance (ASA) software and the Secure Real-Time Transport Protocol (SRTP) library that's used in many products.

The Cisco WLC software contains two denial-of-service vulnerabilities, one of which is rated critical and could be exploited by an unauthenticated attacker through specially crafted HTTP requests sent to the device. This can cause a buffer overflow condition that, in addition to a device reload, might also allow for execution of arbitrary code on the device.

The second vulnerability, rated high, stems from how the Cisco WLC software handles Bonjour traffic and can be exploited in a similar manner as the HTTP one to cause a device reload.

A third DoS vulnerability was patched in the Cisco AireOS software that also runs on some of the company's Wireless LAN Controller devices. It can be exploited by an unauthenticated hacker by attempting to access a URL that is not generally accessible from and supported by the device's management interface.

The software, used in the Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers and the Cisco Adaptive Security Virtual Appliance (ASAv), has a flaw stemming from an insufficient validation of DHCPv6 packets.

The vulnerability only affects the Cisco ASA Software if it's configured with the DHCPv6 relay feature and can only be triggered by IPv6 traffic, Cisco said in an advisory.

Finally, a DoS vulnerability in libSRTP that could be exploited through specially crafted SRTP packets, was fixed through software updates for multiple products that use the library for some features. The list of affected products is long but includes Cisco WebEx Meetings Server, Cisco Jabber, Cisco Adaptive Security Appliance (ASA) Software, Cisco IOS XE Software and many Cisco voice and unified communications devices.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments