Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of Service Vulnerability
DONT PING YOUR CISCO WLCs! LOL
Document ID: 112916
Advisory ID: cisco-sa-20110427-wlc
http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml
Revision 1.0
For Public Release 2011 April 27 1600 UTC (GMT)
Contents
Summary
Affected Products
Details
Vulnerability Scoring Details
Impact
Software Versions and Fixes
Workarounds
Obtaining Fixed Software
Exploitation and Public Announcements
Status of this Notice: FINAL
Distribution
Revision History
Cisco Security Procedures
Summary
The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability where an unauthenticated attacker could cause a device reload by sending a series of ICMP packets.
Cisco has released free software updates that address this vulnerability.
There are no available workarounds to mitigate this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml.
[Expand all sections] [Collapse all sections]
Affected Products
Vulnerable Products
This vulnerability affects Cisco WLC software versions 6.0 and later. The following products are affected by the vulnerability described in this Security Advisory:
- Cisco 2100 Series Wireless LAN Controllers
- Cisco WLC526 Mobility Express Controller (AIR-WLC526-K9)
- Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
- Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)
Note: The Cisco NM-AIR-WLC have reached End-of-Life and End-of-Software Maintenance. Please refer to the following document for more information:
Reader Comments