The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities:

- Cisco Wireless LAN Controller Denial of Service Vulnerability (CVE-2014-0701)
- Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability (CVE-2014-0703)
- Cisco Wireless LAN Controller IGMP Version 3 Denial of Service Vulnerability (CVE-2014-0704)
- Cisco Wireless LAN Controller MLDv2 Denial of Service Vulnerability (CVE-2014-0705)
- Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability (CVE-2014-0706)
- Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability (CVE-2014-0707)

Cisco has released software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc
Model | End of Life Document URL |
Cisco 2000 Series WLC | |
Cisco NM-AIR-WLC Modules for ISR | |
Cisco 500 Series Wireless Express Mobility Controllers | http://www.cisco.com/en/US/prod/collateral/wireless/ps7306/ps7320/ps7339/end_of_life_c51-568040.html |
To determine the Cisco WLC Software version that is running in a given environment, use one of the following methods:

- In the web interface, choose the Monitor tab, click Summary in the left pane, and note the Software Version field.
- In the CLI, issue the show sysinfo command and note the Product Version field, as in the following example output:

(Cisco Controller)> show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.121.0
Bootloader Version............................... 1.0.16
Field Recovery Image Version..................... 7.0.112.21
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Web Based Authentication...................... Enabled
IGMP snooping............................... Enabled
MLD snooping............................... Enabled
Vulnerability | 4.x | 5.x | 6.x | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 7.5 | 7.6 |
Cisco Wireless LAN Controller Denial of Service Vulnerability (CVE-2014-0701) | | | | X | | X | X | X | | |
Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability (CVE-2014-0703) | | | | | | | | X | | |
Cisco Wireless LAN Controller IGMP Version 3 Denial of Service Vulnerability (CVE-2014-0704) | X | X | X | X | X | X | X | X | | |
Cisco Wireless LAN Controller MLDv2 Denial of Service Vulnerability (CVE-2014-0705) | | | | | | X | X | X | X | |
Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability (CVE-2014-0706) | | | | | | X | X | X | | |
Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability (CVE-2014-0707) | | | | | | X | X | X | | |
Recommended Release | Migrate | Migrate | Migrate | 7.0.250.0 | Migrate | Migrate | Migrate | 7.4.121.0 | Migrate | 7.6.100.0 |
Administrators may mitigate the Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability by configuring Global AP Management Credentials on the affected device. This disables the default AP management credentials and helps ensure that unauthorized parties cannot access the AP via its HTTP interface.

There are no on-device workarounds that mitigate the other vulnerabilities described in this document.

Mitigation information for the vulnerabilities described in this advisory is available in the companion Applied Mitigation Bulletin (AMB) at the following location: Identifying and Mitigating Exploitation of Multiple Vulnerabilities in Cisco Wireless LAN Controllers
When considering software upgrades, customers are advised to consult the Cisco Security Advisories, Responses, and Notices archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Cisco Wireless LAN Controller Denial of Service Vulnerability (CVE-2014-0701)
Affected Release | First Fixed | Recommended |
7.0 | 7.0.250.0 | 7.0.250.0 or 7.4.121.0* |
7.2 | N/A | Migrate to 7.4.121.0 or 7.6.100.0 |
7.3 | N/A | Migrate to 7.4.121.0 or 7.6.100.0 |
7.4 | 7.4.110.0 | 7.4.121.0 |

Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability (CVE-2014-0703)
Affected Release | First Fixed | Recommended |
7.4 | 7.4.110.0 | 7.4.121.0 |

Cisco Wireless LAN Controller IGMP Version 3 Denial of Service Vulnerability (CVE-2014-0704)
Affected Release | First Fixed | Recommended |
4.x | N/A | Migrate to 7.0.250.0 |
5.x | N/A | Migrate to 7.0.250.0 |
6.x | N/A | Migrate to 7.0.250.0 |
7.0 | 7.0.250.0 | Migrate to 7.0.250.0 or 7.4.121.0* |
7.1 | N/A | Migrate to 7.4.121.0 or 7.6.100.0 |
7.2 | N/A | Migrate to 7.4.121.0 or 7.6.100.0 |
7.3 | N/A | Migrate to 7.4.121.0 or 7.6.100.0 |

Cisco Wireless LAN Controller MLDv2 Denial of Service Vulnerability (CVE-2014-0705)
Affected Release | First Fixed | Recommended |
7.2 | N/A | Migrate to 7.4.121.0 or 7.6.100.0 |
7.3 | N/A | Migrate to 7.4.121.0 or 7.6.100.0 |
7.4 | 7.4.121.0 | Migrate to 7.4.121.0 |
7.5 | N/A | Migrate to 7.4.121.0 or 7.6.100.0 |

Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability (CVE-2014-0706)
Affected Release | First Fixed | Recommended |
7.2 | 7.2.115.2 | Migrate to 7.4.121.0 or 7.6.100.0 |
7.3 | N/A | Migrate to 7.4.121.0 or 7.6.100.0 |
7.4 | 7.4.110.0 | 7.4.121.0 |

Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability (CVE-2014-0707)
Affected Release | First Fixed | Recommended |
7.2 | N/A | Migrate to 7.4.121.0 or 7.6.100.0 |
7.3 | N/A | Migrate to 7.4.121.0 or 7.6.100.0 |
7.4 | 7.4.110.0 | 7.4.121.0 |
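The version-check procedure above and the fixed-software tables lend themselves to a small exposure check: read the Product Version out of show sysinfo output, map it to the release train the advisory uses (4.x, 5.x, 6.x, or major.minor from 7.0 onward), and compare it against the First Fixed column for each CVE. The following Python script is an added example, not code from Cisco or from this advisory. It embeds the show sysinfo excerpt reproduced above as constructed sample input and transcribes the First Fixed data from the tables; the function names and the status wording are the example's own.

```python
import re
from typing import Dict, Optional

# Constructed sample input: the "show sysinfo" excerpt reproduced in this advisory.
SAMPLE_SYSINFO = """\
(Cisco Controller)> show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.121.0
Bootloader Version............................... 1.0.16
Field Recovery Image Version..................... 7.0.112.21
IGMP snooping............................... Enabled
MLD snooping............................... Enabled
"""

# First-fixed release per CVE and release train, transcribed from the
# fixed-software tables in this advisory. None = no fixed release in that
# train (the advisory says to migrate). A train absent from a CVE's entry is
# not listed as affected for that CVE.
FIRST_FIXED: Dict[str, Dict[str, Optional[str]]] = {
    "CVE-2014-0701": {"7.0": "7.0.250.0", "7.2": None, "7.3": None, "7.4": "7.4.110.0"},
    "CVE-2014-0703": {"7.4": "7.4.110.0"},
    "CVE-2014-0704": {"4.x": None, "5.x": None, "6.x": None, "7.0": "7.0.250.0",
                      "7.1": None, "7.2": None, "7.3": None},
    "CVE-2014-0705": {"7.2": None, "7.3": None, "7.4": "7.4.121.0", "7.5": None},
    "CVE-2014-0706": {"7.2": "7.2.115.2", "7.3": None, "7.4": "7.4.110.0"},
    "CVE-2014-0707": {"7.2": None, "7.3": None, "7.4": "7.4.110.0"},
}

VERSION_RE = re.compile(r"^Product Version\.*\s*(\d+(?:\.\d+){1,3})\s*$", re.M)
FEATURE_RE = re.compile(r"^(IGMP snooping|MLD snooping)\.*\s*(Enabled|Disabled)\s*$", re.M)


def parse_version(v: str) -> tuple:
    """'7.4.121.0' -> (7, 4, 121, 0); shorter strings are zero-padded so that
    tuple comparison behaves like a numeric release comparison."""
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def release_train(v: str) -> str:
    """Map a version to the train label the advisory uses: '4.x', '5.x', '6.x'
    for pre-7.0 code, otherwise major.minor such as '7.4'."""
    major, minor = parse_version(v)[:2]
    return f"{major}.x" if major < 7 else f"{major}.{minor}"


def parse_sysinfo(text: str) -> Dict[str, str]:
    """Extract the Product Version and the snooping flags from show sysinfo output."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("Product Version line not found")
    info = {"version": m.group(1)}
    for name, state in FEATURE_RE.findall(text):
        info[name] = state
    return info


def assess(version: str) -> Dict[str, str]:
    """Return one status string per CVE for the given running version."""
    train = release_train(version)
    running = parse_version(version)
    result: Dict[str, str] = {}
    for cve, trains in FIRST_FIXED.items():
        if train not in trains:
            result[cve] = "not listed as affected"
            continue
        fixed = trains[train]
        if fixed is None:
            result[cve] = f"vulnerable; no fixed release in the {train} train, migrate"
        elif running >= parse_version(fixed):
            result[cve] = f"fixed (first fixed {fixed})"
        else:
            result[cve] = f"vulnerable; upgrade to {fixed} or later in the {train} train"
    return result


if __name__ == "__main__":
    info = parse_sysinfo(SAMPLE_SYSINFO)
    print(f"Running {info['version']} (train {release_train(info['version'])})")
    for cve, status in assess(info["version"]).items():
        print(f"  {cve}: {status}")
    # Reported for context only: this advisory does not say whether the
    # snooping state changes exposure to the IGMPv3 or MLDv2 vulnerabilities.
    for feature in ("IGMP snooping", "MLD snooping"):
        print(f"  {feature}: {info.get(feature, 'unknown')}")
```

Paste the real show sysinfo output in place of the sample to check a controller; a version in a train with no First Fixed entry (for example any 7.2 release against CVE-2014-0705) is reported as requiring migration rather than an in-train upgrade, matching the "Migrate to" wording of the tables.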
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
Cisco Wireless LAN Controller Denial of Service Vulnerability, Cisco Wireless LAN Controller MLDv2 Denial of Service Vulnerability, and Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability were discovered during internal testing and have not been found in customer deployments.
Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability, Cisco Wireless LAN Controller IGMP Version 3 Denial of Service Vulnerability, and Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability were discovered by the Cisco TAC while investigating customer issues.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Revision 1.0 | 2014-March-05 | Initial public release. |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.