Reference: CERT-EU Security Advisory 2014-027

Title: Multiple Vulnerabilities in Cisco Wireless LAN Controllers [1]

Version history:
06.03.2014 Initial publication

Summary
=======

The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities:

- Cisco Wireless LAN Controller Denial of Service Vulnerability
- Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability
- Cisco Wireless LAN Controller IGMP Version 3 Denial of Service Vulnerability
- Cisco Wireless LAN Controller MLDv2 Denial of Service Vulnerability
- Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability
- Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability

CVE numbers: [2]

CVE-2014-0701 6.0 (MEDIUM) (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVE-2014-0703 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE-2014-0704 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2014-0705 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-2014-0706 9.0 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:C)
CVE-2014-0707 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Vulnerable systems
==================

Stand Alone Controllers:

- Cisco 500 Series Wireless Express Mobility Controllers
- Cisco 2000 Series Wireless LAN Controllers
- Cisco 2100 Series Wireless LAN Controllers
- Cisco 2500 Series Wireless Controllers
- Cisco 4100 Series Wireless LAN Controllers
- Cisco 4400 Series Wireless LAN Controllers
- Cisco 5500 Series Wireless Controllers
- Cisco Flex 7500 Series Wireless Controllers
- Cisco 8500 Series Wireless Controllers
- Cisco Virtual Wireless Controller

Modular Controllers:

- Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (Cisco WiSM)
- Cisco Wireless Services Module version 2 (WiSM2)
- Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
- Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
- Cisco Catalyst 3750G Integrated WLC
- Cisco Wireless Controller Software for Services-Ready Engine (SRE)

Original Details
================

The Cisco WLCs and Cisco WiSMs are responsible for system-wide wireless LAN functionality, including security policies, intrusion prevention, RF management, quality of service (QoS), and mobility.

These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP) and the Control and Provisioning of Wireless Access Points (CAPWAP) protocol.

See the original advisory for an explanation of each vulnerability.

What can you do?
================

Patches are available, depending on the software version. [1]

What to tell your users?
========================

N/A

More information
================

[1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0707
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0706
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0705
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0704
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0703
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0701

Best regards,

CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383