On Thursday, Cisco released a number of patches to mitigate exposures affecting several products.
According to an advisory on its site, a bug in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could enable an unauthenticated, remote attacker to gain complete control of an affected device.
The bug is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate or standalone access point, the advisory read. The access means a remote attacker, with layer 3 connectivity, could use Secure Shell (SSH) to login to the device with elevated privileges. This would allow the attacker to take control of the device.
According to a second notice, a bug in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software opens the door to remote attackers to launch a denial of service (DoS) attack.
This particular flaw is due to “incomplete input validation of the 802.11 WME packet header,” the advisory stated. By delivering malformed 802.11 WME frames to a targeted device, miscreants could take advantage and cause the WLC to reload unexpectedly.
A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software is updated as well. The flaw could enable an unauthenticated, remote attacker to cause an unexpected reload of the device.
The bug is due to incomplete IPv6 UDP header validation, according to the notice. “An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device,” the notice reads. From there, the attacker could “impact the availability of the device as it could unexpectedly reload.”
The fourth security advisory points out a flaw in the web management interface of Cisco Wireless LAN Controller (WLC) Software. This flaw could enable an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
Cisco explained that the flaw was owing to a missing internal handler for the specific request. “An attacker could exploit this vulnerability by accessing a specific hidden URL on the web management interface,” the company stated. An attacker could institute a reload of the device, consequently resulting in a DoS situation.
Cisco has released software updates that address all four of these vulnerabilities. There are no workarounds that address the flaws.
US-CERT advises users and administrators to review the Cisco security advisories and apply the updates as needed.