Recently, Cisco issued a PSIRT (20140305) describing certain vulnerabilities in Wireless LAN Controller code (link below). This action applies to all Unified Wireless LAN Controller hardware platforms and software trains under the 6.x or 7.x code releases, and it is recommended all systems be upgraded to one of the minimum code versions which provide fixes for these issues:
7.6.100.0
7.4.121.0
7.2.115.3
7.0.250.0
Stand Alone Controllers
- Cisco 500 Series Wireless Express Mobility Controllers
- Cisco 2000 Series Wireless LAN Controllers
- Cisco 2100 Series Wireless LAN Controllers
- Cisco 2500 Series Wireless Controllers
- Cisco 4100 Series Wireless LAN Controllers
- Cisco 4400 Series Wireless LAN Controllers
- Cisco 5500 Series Wireless Controllers
- Cisco Flex 7500 Series Wireless Controllers
- Cisco 8500 Series Wireless Controllers
- Cisco Virtual Wireless Controller
Modular Controllers
- Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (Cisco WiSM)
- Cisco Wireless Services Module version 2 (WiSM2)
- Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
- Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
- Cisco Catalyst 3750G Integrated WLC
- Cisco Wireless Controller Software for Services-Ready Engine (SRE) *
* Covers the Integrated Services Module 300 and Cisco Services-Ready Engine 700, 710, 900, and 910 products.
Note
: The Cisco 2000 Series WLC, Cisco 4100 Series WLC, Cisco NM-AIR-WLC, and Cisco 500 Series Wireless Express Mobility Controllers, have reached end-of-software maintenance. The following table includes the end-of-life document URL for each model:
PSIRT announcement 20140305
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc