Cisco bit 4 dangerous product WLAN Controller error

Yesterday (4/2) Cisco released a security bulletin that alerts users of all of its wireless LAN (WLAN) control devices on four newly discovered vulnerabilities in these products.

But only WLAN Controller devices use system software version 4.2 and above. Cisco Catalyst 6500 and 7600 Wireless Modules are also confirmed to contain the above security errors.

Of the 4 above errors, up to 3 errors can be used to organize denial of service (DoS) attacks on WLAN Controller lines.

A denial of service attack may cause WLAN Controller to hang completely or will be forced to restart. If continuous DoS attacks will result in the device refusing to process the user's connection request - or to say that it is denying the service.

Out of 3 DoS errors, there are two errors related to Web authentication. Hackers can use a security error detection tool to force WLAN to stop the web authentication service for users who request to connect to the wireless network and force the device to restart. The second error can be exploited by sending a malicious data packet to the login authentication website 'login.html'.

Meanwhile the third DoS error involves the process of WLAN Controller receiving 'IP address package'. Attacks through this security error can cause the device to hang completely. However, this bug has been confirmed to exist only in Software Series 400 Series, Catalyst 6500 Wireless Services Module and 3750 Integrated Wireless LAN Controllers.

Meanwhile, if a fourth error is successfully exploited, a restricted access user can leap into an administrator. This error exists only in devices using software version 4.2.173.0.

In addition to alerting users to security holes, Cisco also releases updates. It is recommended that users quickly download and install the necessary fixes here.