漏洞起因
异常条件处理失败错误
影响系统
Cisco WLC Modules for Integrated Services Routers
Cisco Wireless Services Modules (WiSM)
Cisco Wireless LAN Control 5.2
Cisco Wireless LAN Control 5.1
Cisco Wireless LAN Control 5.0
Cisco Wireless LAN Control 4.2 M
Cisco Wireless LAN Control 4.2
Cisco Catalyst 3750G
Cisco 5500 Wireless LAN Controlller (WLC)
Cisco 4404 Wireless LAN Controller (WLC)
Cisco 4402 Wireless LAN Controller (WLC)
Cisco 4400 Wireless LAN Controllers
Cisco 4400 Wireless LAN Controller (WLC)
Cisco 4200 Wireless LAN Controller (WLC)
Cisco 4100 Wireless LAN Controller (WLC)
Cisco 2106 Wireless LAN Controller (WLC)
Cisco 2100 Wireless LAN Controller (WLC)
Cisco 2100 Wireless LAN Controller
Cisco 2006 Wireless LAN Controllers (WLC)
Cisco 2000 Wireless LAN Controller (WLC)
Cisco 1500
不受影响系统
Cisco Wireless LAN Control 6.0.182 .0
Cisco Wireless LAN Control 5.2.193 .0
Cisco Wireless LAN Control 4.2.205 .0
Cisco Wireless LAN Control 4.2.176 .51
危害
远程攻击者可以利用漏洞执行任意代码或进行拒绝服务攻击,获得敏感信息。
攻击所需条件
攻击者必须访问Cisco Wireless LAN Controller。
漏洞信息
Cisco Wireless LAN Controller用于使用轻量级接入点协议(LWAPP)管理Cisco Aironet接入点的应用设备。
Cisco无线LAN控制器处理特殊构建的HTTP或HTTPS请求存在问题,远程攻击者可以利用漏洞使设备崩溃。
此漏洞可远程利用,无需验证和用户交互。
测试方法
厂商解决方案
用户可参考如下安全公告获得补丁信息:
http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml
漏洞提供者
IBM Research
0 条评论。