Cisco has warned about four vulnerabilities affecting all of its wireless LAN controllers, including the Catalyst 6500 and 7600 wireless modules, with software version 4.2 or higher.
Three are denial-of-service attacks. The fourth, specific to one particular software version, could allow a restricted user to gain full administrative rights to the controller. The DoS attacks could cause the controllers to hang or reload, with repeated attacks creating a sustained service denial condition, according to the alert.
No workarounds for these vulnerabilities exist; but Cisco has posted software patches for all four of them.
Two of the DoS attacks are aimed at web authentication. In one instance, the attacker can use a vulnerability scanner to cause the controller to stop servicing web authentication for wireless clients, or cause the controller to reload. The second can trigger a controller reload by sending a malformed post to the web authentication "login.html" page.
The third DoS attack involves the controller receiving "certain IP packets" that trigger a "DoS condition," causing the controller to become unresponsive. This is limited to software version 4.1 in the 4400 series, Catalyst 6500 Wireless Services Module, and 3750 Integrated Wireless LAN Controllers.
The last attack, classed as a "privilege escalation vulnerability," exists only in controller software version 126.96.36.199. A successful exploitation may allow an unauthenticated user to gain full administrative rights to the targeted controller.