January 31, 2013
Vulnerabilities found in Cisco WLAN controller necessitate 3rd party updates
In a recent eWeek article, contributor Jeffrey Burt reported that Cisco's new Catalyst switch and WLAN controller are making significant strides toward unifying wired and wireless networks, all part of its Unified Access initiative. Cisco recently unveiled the WLAN controller addition to the initiative, aimed at enabling businesses to gain access to software-defined networks.
"In a technology world driven by such trends as cloud computing, mobility and bring-your-own-device (BYOD), a converged network enables better network performance, cost efficiency, less complexity, and simpler management," said Inbar Lasser-Raab, senior director of enterprise networking marketing at Cisco, as cited by Burt.
With greater network capabilities comes greater risk
ITPro's Caroline Donnelly recently reported that Cisco is urging all users of its WLAN product family to install software updates due to the discovery of numerous security vulnerabilities. System administrators are calling for third-party software updates for users of the Cisco wireless LAN (WLAN).
Donnelly indicated that Cisco released a security advisory about the vulnerabilities after discovering that they affect 17 different products in the WLAN controller family, including numerous models that have reached end-of-software maintenance.
"Successful exploitation of the DoS vulnerabilities could allow an unauthenticated attacker to cause an affected device to reload," Cisco advised. "Repeated exploitation could result in a sustained DoS condition."
Donnelly reported that there have been numerous vulnerabilities, including the aforementioned Denial of Service (DoS) flaw. This vulnerability allows hackers to reload devices by sending IP packets to the end device. Another vulnerability is one that affects the HTTP profiling feature of Cisco WLAN devices, which could allow hackers to execute remote code. Cisco did, however, indicate that only Cisco WLAN Connector software version 22.214.171.124 is affected by this threat. A third vulnerability was found that could potentially allow unauthorized attackers to modify the configuration of devices.
Cisco has released a number of free software updates that allow users to close these holes, and has also stated that there have been no reports to suggest these vulnerabilities have been exploited at this time. Because numerous third-party updates need to be integrated, patch management software could be an excellent solution for larger companies as they manage patching across all devices connected to the network.