Cisco Patches Multiple Wireless Vulnerabilities
In a Thursday advisory, the San Jose, Calif.-based vendor said it has patched seven holes in its Wireless LAN Controller, which is used to manage Cisco Aironet access points. In addition to launching denial of service attacks and altering access control lists, a successful attacker could exploit the flaws to gain full control over an affected system.
Cisco assigned CVSS base scores ranging from 3.3 to 10 to the seven vulnerabilities, which affect versions 4.0, 3.2, and previous versions of the Wireless LAN Controller software.
Cisco patched an additional four vulnerabilities in its Wireless Control System, a platform for wireless LAN planning and design, system configuration, location tracking, security monitoring, and wireless LAN management.
The flaws, to which Cisco assigned CVSS base scores ranging from 2.3 to 10, could lead to information disclosure, privilege escalation, and unauthorized access to the system due to fixed authentication credentials, Cisco said in a separate advisory.
Versions of WCS prior to 4.0.96.0 are affected by one or more of these vulnerabilities, Cisco said.
Symantec, in a Deepsight Threat Management System bulletin issued Thursday, assigned severity ratings of 10 out of 10 to both sets of vulnerabilities.