Menu
Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products

Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products

One of the vulnerabilities is critical and the rest are rated as high severity

Cisco Systems has released patches to fix serious denial-of-service flaws in its Wireless LAN Controller (WLC) software, Cisco Adaptive Security Appliance (ASA) software and the Secure Real-Time Transport Protocol (SRTP) library that's used in many products.

The Cisco WLC software contains two denial-of-service vulnerabilities, one of which is rated critical and could be exploited by an unauthenticated attacker through specially crafted HTTP requests sent to the device. This can cause a buffer overflow condition that, in addition to a device reload, might also allow for execution of arbitrary code on the device.

The second vulnerability, rated high, stems from how the Cisco WLC software handles Bonjour traffic and can be exploited in a similar manner as the HTTP one to cause a device reload.

A third DoS vulnerability was patched in the Cisco AireOS software that also runs on some of the company's Wireless LAN Controller devices. It can be exploited by an unauthenticated hacker by attempting to access a URL that is not generally accessible from and supported by the device's management interface.

The software, used in the Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers and the Cisco Adaptive Security Virtual Appliance (ASAv), has a flaw stemming from an insufficient validation of DHCPv6 packets.

The vulnerability only affects the Cisco ASA Software if it's configured with the DHCPv6 relay feature and can only be triggered by IPv6 traffic, Cisco said in an advisory.

Finally, a DoS vulnerability in libSRTP that could be exploited through specially crafted SRTP packets, was fixed through software updates for multiple products that use the library for some features. The list of affected products is long but includes Cisco WebEx Meetings Server, Cisco Jabber, Cisco Adaptive Security Appliance (ASA) Software, Cisco IOS XE Software and many Cisco voice and unified communications devices.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the leading customer-centric Microsoft channel partners

Meet the leading customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the leading customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments