The vulnerabilities affect Cisco Wireless LAN Controllers, but the company is offering a workaround.
Cisco Systems released a security advisory on Tuesday afternoon to address several vulnerabilities in its Wireless LAN Controllers that could enable hackers to cause a denial-of-service on the affected network.
The flaws lie in the handling of Address Resolution Protocol (ARP) packets. The advisory noted that a unicast ARP request may be flooded on the LAN links between Wireless LAN Controllers in a mobility group. A vulnerable WLC may mishandle unicast ARP requests from a wireless client, leading to an ARP storm.
The bugs affect versions 4.1, 4.0, 3.2, and prior versions of the Wireless LAN Controller software, according to the advisory.
ARP provides a mapping between a device's IP address and its hardware address on the local network. The Cisco Wireless LAN Controllers provide real-time communication between lightweight access points and other wireless LAN controllers for centralized system-wide WLAN configuration and management functions, according to Cisco.
As a workaround, Cisco is recommending that operators require all clients to obtain their IP addresses from a DHCP server. DHCP, or Dynamic Host Configuration Protocol, is a set of rules used to allow a device to obtain an IP address from a server. To enforce the workaround, all WLANs can be configured with a DHCP Required setting, which disallows client static IP addresses, Cisco noted. If DHCP Required is selected, clients must obtain an IP address via DHCP. Any client with a static IP address will not be allowed on the network. The controller monitors DHCP traffic because it acts as a DHCP proxy for the clients.
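The following is an added illustration, not code from Cisco or from the advisory: a simplified Python model of the DHCP Required behavior described above, in which a controller that relays DHCP remembers which address each client was given and blocks traffic from any address it did not see assigned. The class, event names, and MAC/IP values are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class DhcpRequiredWlan:
    """Simplified model of a WLAN with a DHCP Required policy (assumed design)."""
    dhcp_required: bool = True
    # MAC -> IP learned from DHCP ACKs the controller relayed as DHCP proxy
    leases: dict = field(default_factory=dict)

    def on_dhcp_ack(self, mac, ip):
        # Record the address the DHCP server assigned to this client.
        self.leases[mac.lower()] = ip

    def on_dhcp_release(self, mac):
        # Forget the lease; the client must complete DHCP again.
        self.leases.pop(mac.lower(), None)

    def admit(self, mac, src_ip):
        # With the policy off, static addresses pass unchecked.
        if not self.dhcp_required:
            return True
        # With the policy on, only the leased address is accepted.
        return self.leases.get(mac.lower()) == src_ip

def evaluate(events, dhcp_required=True):
    """Replay (kind, mac, ip) events and return a decision per data frame."""
    wlan = DhcpRequiredWlan(dhcp_required)
    decisions = []
    for kind, mac, ip in events:
        if kind == "dhcp_ack":
            wlan.on_dhcp_ack(mac, ip)
        elif kind == "dhcp_release":
            wlan.on_dhcp_release(mac)
        elif kind == "data":
            verdict = "allow" if wlan.admit(mac, ip) else "block"
            decisions.append((mac.lower(), ip, verdict))
    return decisions

# Constructed sample events: one static-IP client, one DHCP client.
EVENTS = [
    ("data", "aa:bb:cc:00:00:01", "10.0.0.50"),     # static IP, never ran DHCP
    ("dhcp_ack", "aa:bb:cc:00:00:02", "10.0.0.21"),
    ("data", "AA:BB:CC:00:00:02", "10.0.0.21"),     # matches its lease
    ("data", "aa:bb:cc:00:00:02", "10.0.0.99"),     # switched to a static IP
    ("dhcp_release", "aa:bb:cc:00:00:02", None),
    ("data", "aa:bb:cc:00:00:02", "10.0.0.21"),     # lease released
]

if __name__ == "__main__":
    for decision in evaluate(EVENTS):
        print(decision)
```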
Earlier this month, Cisco released two security bulletins to warn IT managers about vulnerabilities in its Unified Communications Manager. In one advisory, Cisco noted the Unified Communications Manager, which used to be known as CallManager, contained two overflow vulnerabilities. The flaws, according to the company, could enable a remote, unauthenticated hacker to execute arbitrary and malicious code or cause a denial-of-service.