Cisco today warned its customers of vulnerabilities in its Cisco Wireless LAN Controllers, Cisco Catalyst 6500 Wireless Services Modules, and Cisco Catalyst 3750 Integrated Wireless LAN Controllers gear. The four vulnerabilities, which are not related to one another, could enable attackers to escalate privileges on some equipment or launch sustained denial-of-service attacks.The privilege-escalation attack is specific only to Cisco's Wireless LAN Controller software version 220.127.116.11. This vulnerability, according to Cisco, could enable an authenticated user to obtain full administrative rights on at-risk systems.
Successful exploitation of the denial-of-service vulnerabilities could cause devices to hang or reload. Repeated exploitation could result in a sustained DoS condition, Cisco says.
Cisco says there are no workarounds available for these issues. So, if you use this equipment, your best option is to patch.
Cisco has published a detailed advisory, which is available here.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.Subscribe