CERT-MU :Advisories

Home | Search | FAQ | Site Map | Contact Us

|| Hotline : 800 2378 || To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu || To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||

Charter & Mission

CERT-MU Services

Constituency

Authority

Incident Reporting

Vulnerability Reporting

Incident Statistics Forms

Vol. 2, Feb 2012

Vol. 1, Oct 2011

World CERTs

Security Sites

Security Tools

Antivirus Resources

Email Abuse

Network Abuse

Anti-Spam Initiative

Cyber Security Portal

Safer Internet Day

Computer Security Day

National Computer Board

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University

CERT-MU AD-2009-12

Cisco Wireless LAN Controller SSH and Web Interface Remote Denial of Service Vulnerabilities

Original issue date: 06 August, 2009

Overview

Cisco Wireless LAN Controller software contains vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Description

Various activities in Wireless LAN, for example, system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility, is administered by Cisco Wireless LAN Controllers (WLCs). The WLC is administered by administrative web console or SSH.

Multiple vulnerabilities have been reported in WLC's remote SSH connection and Web Management interface.

All Bind based DNS servers

A remote user could exploit an error in the SSH server by making crafted requests to the affected system. This could trigger a memory leak and cause the target device to crash.

Web Management Interface Malicious http/https Request Remote Denial of Service Vulnerability

A remote user could exploit the vulnerability in the administrative web console by making crafted requests to the system. These requests could cause the system to reboot, resulting in a DoS condition.

Affected Systems