Latest (27th April 2011) Cisco Security Advisory for WLC (DoS)
The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability where an unauthenticated attacker could cause a device reload by sending a series of ICMP packets.
Cisco has released free software updates that address this vulnerability. There are no available workarounds to mitigate this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml
This vulnerability affects Cisco WLC software versions 6.0 and later. The following products are affected by the vulnerability described in this Security Advisory:
- Cisco 2100 Series Wireless LAN Controllers
- Cisco WLC526 Mobility Express Controller (AIR-WLC526-K9)
- Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
- Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)
Note: The Cisco NM-AIR-WLC modules have reached End-of-Life and End-of-Software Maintenance. Please refer to the following document for more information: http://www.cisco.com/en/US/prod/collateral/modules/ps2797/prod_end-of-life_notice0900aecd806aeb34.html
The following Cisco Wireless LAN Controllers are not affected by this vulnerability:
- Cisco 2000 Series WLCs
- Cisco 2500 Series WLCs
- Cisco 4100 Series WLCs
- Cisco 4400 Series WLCs
- Cisco Catalyst 3750G Integrated WLCs
- Cisco 5500 Series WLCs
- Cisco Wireless Services Modules (WiSMs, both WiSM and WiSM2)
- Cisco Wireless Services Ready Engine (SRE) Modules
- Cisco Flex 7500 Series Cloud Controllers
No other Cisco products are currently known to be affected by this vulnerability.
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable.
| Affected Release | First Fixed Release |
|---|---|
| 4.0 | Not Vulnerable |
| 4.1 | Not Vulnerable |
| 4.1 M | Not Vulnerable |
| 4.2 | Not Vulnerable |
| 4.2M | Not Vulnerable |
| 5.0 | Not Vulnerable |
| 5.1 | Not Vulnerable |
| 5.2 | Not Vulnerable |
| 6.0 | 6.0.200.0 |
| 7.0 | 7.0.98.216 and 7.0.112.0 |
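
The "earlier than the First Fixed Release" rule applied to a controller inventory, as an added example that is not part of the Cisco advisory. The platform keys and inventory records are constructed, and the reading that 7.0.98.216 fixes only the 7.0.98.x branch while 7.0.112.0 covers everything after it is an assumption, chosen so that unclear releases are flagged as vulnerable.

```python
# Affected platforms as named in the advisory (these short inventory keys are an assumption).
AFFECTED_PLATFORMS = {"2100", "WLC526", "NME-AIR-WLC", "NM-AIR-WLC"}
# "First Fixed Release" column for the vulnerable trains; earlier trains are not vulnerable.
FIRST_FIXED = {
    (6, 0): [(6, 0, 200, 0)],
    (7, 0): [(7, 0, 98, 216), (7, 0, 112, 0)],
}


def parse_version(text):
    """Parse a four-part WLC release string such as '7.0.98.0' into a tuple of ints."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a.b.c.d, got {text!r}")
    return parts


def assess(platform, version_text):
    """Return 'platform-not-affected', 'not-vulnerable', 'vulnerable', 'fixed' or 'review'."""
    if platform not in AFFECTED_PLATFORMS:
        return "platform-not-affected"
    version = parse_version(version_text)
    train = version[:2]
    if train < (6, 0):
        return "not-vulnerable"  # 4.x and 5.x trains in the table
    fixes = FIRST_FIXED.get(train)
    if fixes is None:
        return "review"  # train not listed in the table, check later advisories
    if version >= max(fixes):
        return "fixed"
    # Assumption: a lower fixed release covers only its own a.b.c branch.
    for fix in fixes:
        if version[:3] == fix[:3] and version >= fix:
            return "fixed"
    return "vulnerable"


# Constructed inventory records: (hostname, platform key, running release).
INVENTORY = [
    ("wlc-branch-01", "2100", "6.0.199.4"),
    ("wlc-branch-02", "2100", "7.0.98.218"),
    ("wlc-isr-01", "NME-AIR-WLC", "7.0.98.0"),
    ("wlc-core-01", "5500", "7.0.98.0"),
    ("wlc-lab-01", "WLC526", "4.2.61.8"),
]


def triage(inventory):
    return {host: assess(platform, ver) for host, platform, ver in inventory}
```

Calling `triage(INVENTORY)` returns a hostname-to-status mapping that can be sorted so the `vulnerable` and `review` entries are scheduled for upgrade first.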