Multiple vulnerabilities have been identified in Cisco Wireless LAN Controller (WLC), which could be exploited by attackers to cause a denial of service or gain unauthorized access to a vulnerable network.
The first issue is caused by the presence of commonly known ("public" and "private") read-only and read-write SNMP community strings, which could be exploited by attackers to read or modify the configuration of the WLC via SNMP.
The second vulnerability is caused by an error when processing malformed Ethernet traffic, which could allow unauthenticated attackers on a local network segment to crash the WLC, creating a denial of service condition.
The third issue is caused by errors in the Network Processing Unit (NPU) when processing specially crafted SNAP packets, malformed 802.11 traffic, or packets with unexpected length values in certain headers, which could be exploited by unauthenticated attackers on a local wireless network segment to prevent the WLC from passing traffic, resulting in either a partial or complete denial of service condition.
The fourth vulnerability is caused by the presence of a hard-coded service password that is used for troubleshooting, which could be exploited by an attacker with physical access to take control of an affected Lightweight Access Point.
The fifth issue is caused by an error when processing certain WLAN ACLs, which could cause the WLAN ACL configuration to be saved with an invalid checksum, resulting in a silent and unexpected change to the security posture of a wireless network.
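For the first issue, the following added example (not part of the original advisory or any vendor tooling) audits an inventory of SNMP community entries for the well-known "public" and "private" strings and rates read-write exposure above read-only. The CSV inventory format, the device names and the function names are assumptions made for illustration; the sample data is constructed.

```python
import csv
import io

# Community names the advisory identifies as commonly known.
WELL_KNOWN = {"public", "private"}

# Constructed sample inventory in a hypothetical CSV format (not WLC output).
SAMPLE_INVENTORY = """\
device,community,access,status
wlc-lab-1,public,ro,enabled
wlc-lab-1,private,rw,enabled
wlc-lab-2,public,ro,disabled
wlc-lab-2,k3Qx-constructed-ro,ro,enabled
wlc-lab-3,public,ro,enabled
"""

def audit_communities(inventory_text):
    """Return one finding per enabled entry that uses a well-known community."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_text)):
        name = row["community"].strip()  # community strings are case-sensitive
        access = row["access"].strip().lower()
        # Assumption of this sample format: disabled entries are not served.
        if row["status"].strip().lower() != "enabled":
            continue
        if name not in WELL_KNOWN:
            continue
        # Read-write allows configuration changes; read-only allows reads.
        severity = "high" if access == "rw" else "medium"
        findings.append({"device": row["device"], "community": name,
                         "access": access, "severity": severity})
    return findings

def devices_needing_change(findings):
    """Map each affected device to the worst severity found on it."""
    rank = {"medium": 1, "high": 2}
    worst = {}
    for f in findings:
        current = worst.get(f["device"])
        if current is None or rank[f["severity"]] > rank[current]:
            worst[f["device"]] = f["severity"]
    return worst

if __name__ == "__main__":
    for f in audit_communities(SAMPLE_INVENTORY):
        print(f"{f['device']}: '{f['community']}' ({f['access']}) -> {f['severity']}")
```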
Credits
Vulnerabilities reported by the vendor
ChangeLog
2007-04-13 : Initial release