Cisco issues wireless LAN security warning on DoS attacks

Cisco has warned system administrators to patch their wireless LAN appliances following the discovery of flaws which could allow for remote code execution and denial-of-service attacks.

The company said that the flaws affect some 17 products in its WLC wireless controller lines. Among the products are the Virtual Wireless Controller tool and the Catalyst 3750G and Flex 7500 lines.

Cisco has released a fix for the flaws and the company is advising customers to update their wireless controllers to prevent attack. The threat of attack can also be mitigated on some devices by limiting SNMP access on the wireless controller.

According to Cisco, the package includes a fix for vulnerability could allow an attacker to remotely trigger a reset on the targeted controller. By repeatedly resetting the controller, the attacker could create a denial of service condition and effectively disable the targeted device.

Other possible implications of a successful exploit attempt include remote code execution and unauthorised network access.

January has thus far proven to be a busy month for security patches. Aside from scheduled monthly updates from Oracle and Microsoft, security professionals and administrators have had to contend with a pair of zero day exploits on Java which have already been released in the wild and added to popular attack kits.