Executive Summary

Summary
Title Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Informations
Name cisco-sa-20120229-wlc First vendor Publication 2012-02-29
Vendor Cisco Last vendor Modification 2012-02-29
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities:

* Cisco Wireless LAN Controllers HTTP Denial of Service Vulnerability
* Cisco Wireless LAN Controllers IPv6 Denial of Service Vulnerability
* Cisco Wireless LAN Controllers WebAuth Denial of Service Vulnerability
* Cisco Wireless LAN Controllers Unauthorized Access Vulnerability

Cisco has released free software updates that address these vulnerabilities. Workarounds are available that mitigate some of these vulnerabilities.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc

Affected Products

The Cisco WLC product family is affected by multiple vulnerabilities. Affected versions of Cisco ASA Software vary depending on the specific vulnerability.

Vulnerable Products

For specific version information, refer to the Software Versions and Fixes section of this advisory.

Each of the following products is affected by at least one of the vulnerabilities covered in this Security Advisory:

* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Modules (WiSM)
* Cisco Wireless Services Modules version 2 (WiSM version 2)
* Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controllers

Note: The Cisco 2000 Series WLCs, Cisco 4100 Series WLCs, Cisco NM-AIR-WLC, and Cisco 500 Series Wireless Express Mobility Controllers, have reached end-of-software maintenance. The following table includes the end-of-life document URL for each model:

+|Model |End of Life Document URL | |--| |Cisco 2000 Series WLC |http://www.cisco.com/en/US/prod/collateral/ | | |wireless/ps6302/ps8322/ps6308/ | | |prod_end-of-life_notice0900aecd805d22b0.html| |--| |Cisco 4100 Series WLC |http://www.cisco.com/en/US/prod/collateral/ | | |wireless/ps6302/ps8322/ps6307/ | | |prod_end-of-life_notice0900aecd803387a9.html| |--| |Cisco NM-AIR-WLC |http://www.cisco.com/en/US/prod/collateral/ | |Modules for ISR |modules/ps2797/ | | |prod_end-of-life_notice0900aecd806aeb34.html| |--| |Cisco 500 Series |http://www.cisco.com/en/US/prod/collateral/ | |Wireless Express |wireless/ps7306/ps7320/ps7339/ | |Mobility Controllers |end_of_life_c51-568040.html |

+Determination of Software Versions

To determine the WLC version that is running in a given environment, use one of the following methods:

* In the web interface, choose the Monitor tab, click

CWE : Common Weakness Enumeration

% Id Name
75 % CWE-399 Resource Management Errors
25 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 2
Hardware 2
Hardware 2
Hardware 2
Hardware 2
Hardware 2
Hardware 2
Hardware 2
Hardware 2
Hardware 2
Hardware 2
Hardware 2
Os 46