Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of Service Vulnerability

Wednesday, April 27, 2011 at 4:25PM
George

DONT PING YOUR CISCO WLCs! LOL

Document ID: 112916

Advisory ID: cisco-sa-20110427-wlc

http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml

Revision 1.0

For Public Release 2011 April 27 1600 UTC (GMT)

---

Contents

Summary
Affected Products
Details
Vulnerability Scoring Details
Impact
Software Versions and Fixes
Workarounds
Obtaining Fixed Software
Exploitation and Public Announcements
Status of this Notice: FINAL
Distribution
Revision History
Cisco Security Procedures

---

Summary

The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability where an unauthenticated attacker could cause a device reload by sending a series of ICMP packets.

Cisco has released free software updates that address this vulnerability.

There are no available workarounds to mitigate this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml.

[Expand all sections]     [Collapse all sections]

Affected Products

Vulnerable Products

This vulnerability affects Cisco WLC software versions 6.0 and later. The following products are affected by the vulnerability described in this Security Advisory:

• Cisco 2100 Series Wireless LAN Controllers
• Cisco WLC526 Mobility Express Controller (AIR-WLC526-K9)
• Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
• Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)

Note: The Cisco NM-AIR-WLC have reached End-of-Life and End-of-Software Maintenance. Please refer to the following document for more information:

 

http://www.cisco.com/en/US/prod/collateral/modules/ps2797/prod_end-of-life_notice0900aecd806aeb34.html



Article originally appeared on my80211.com (http://www.my80211.com/).