Software // Enterprise Applications
News
7/24/2007
05:18 PM
Connect Directly
RSS
E-Mail
50%
50%

Cisco Warns Of Bugs In Wireless LAN Controllers

The vulnerabilities affect Cisco Wireless LAN Controllers, but the company is offering a workaround.

Cisco Systems released a security advisory on Tuesday afternoon to address several vulnerabilities in its Wireless LAN Controllers that could enable hackers to cause a denial-of-service on the affected network.

The flaws lie in the handling of Address Resolution Protocol (ARP) packets. The advisory noted that a unicast ARP request may be flooded on the LAN links between Wireless LAN Controllers in a mobility group. A vulnerable WLC may mishandle unicast ARP requests from a wireless client, leading to an ARP storm.

The bugs affect versions 4.1, 4.0, 3.2, and prior versions of the Wireless LAN Controller software, according to the advisory.

The protocol provides a mapping between a device's IP address and its hardware address on the local network. And the Cisco Wireless LAN Controllers provide real-time communication between lightweight access points and other wireless LAN controllers for centralized system-wide WLAN configuration and management functions, according to Cisco.

As a workaround, Cisco is recommending that operators require all clients to obtain their IP addresses from a DHCP server. A DHCP, or Dynamic Host Configuration Protocol. is a set of rules used to allow a device to obtain an IP address from a server. To enforce the workaround, all WLANs can be configured with a DHCP Required setting, which disallows client static IP addresses, Cisco noted. If DHCP Required is selected, clients must obtain an IP address via DHCP. Any client with a static IP address will not be allowed on the network. The controller monitors DHCP traffic because it acts as a DHCP proxy for the clients.

Earlier this month, Cisco released two security bulletins to warn IT managers about vulnerabilities in its Unified Communications Manager. In one advisory, Cisco noted the Unified Communications Manager, which used to be known as CallManager, contained two overflow vulnerabilities. The flaws, according to the company, could enable a remote, unauthenticated hacker to execute arbitrary and malicious code or cause a denial-of-service.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.