Check Point Advisories

Update Protection against Cisco IOS Administrative Interface HTTP Authentication

Check Point Reference: CPAI-2009-221
Date Published: 31 Jul 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Insecure.org
Industry Reference:

CVE-2009-1164
CVE-2009-1166

Protection Provided by:
Who is Vulnerable? Cisco WLC 4.2 and later
Vulnerability Description: Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to reload by providing a malformed response to an authentication request to an affected WLC.

Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected.
Update/Patch Available: Cisco has released free software updates that address this vulnerability.
The advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml
Vulnerability Details: The vulnerability can be triggered by sending a GET request with long authentication data. The device will then become unresponsive and will need to reboot.

Protection Overview
