Cisco corrects serious Wireless LAN flaws

By SearchSecurity.com Staff 05 Feb 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Cisco Systems Inc. addressed several serious vulnerabilities in its Wireless LAN controllers that could be exploited by attackers to cause a denial-of-service (DoS) condition.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

In a Cisco advisory released Wednesday, the networking giant said two DoS vulnerabilities affect software versions 4.2 and later on all its wireless platforms. A third DoS flaw affects versions 4.1 and later on Cisco 4400 series, 6500/7600 series and 3750 series wireless LAN controllers.

Cisco said an attacker could use a vulnerability scanner to make the LAN controller stop servicing Web authentication or cause the device to reload. An attacker can trigger the device to reload by sending certain IP packets or a malformed post to the Web authentication "login.html" page, Cisco said. The highest Common Vulnerability Scoring System (CVSS) rating was a 7.8.

In addition, Cisco warned that a privilege escalation vulnerability affects software version 4.2.173.0. A successful exploit could give a restricted user the ability to gain full administrative rights on an affected system, Cisco said. The flaw was given a CVSS base score of 9 since it would give a user complete control of a system.

Tags: Wireless LAN Design and Setup,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Wireless LAN Design and Setup Wireless network guidelines for PCI DSS compliance Best Wireless Security Products How to prevent wireless DoS attacks Lesson 4 quiz: How to use wireless IPS Wireless intrusion prevention systems: Overlay vs. embedded sensors Rogue AP containment methods How to monitor WLAN performance with WIPS The role of VPN in an enterprise wireless network Wireless AP placement basics Lesson 3 quiz: Who goes there? Wireless LAN Design and Setup Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary evil twin  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary