SB2018050710 - Multiple vulnerabilities in Cisco 5500 Series Wireless Controllers
Published: May 7, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-0235)
The vulnerability allows an adjacent unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the 802.11 frame validation functionality due to incomplete input validation of certain 802.11 management information element frames that an affected device receives from wireless clients. An adjacent attacker can send a specially crafted 802.11 management frame and cause the service to crash.
2) Resource management errors (CVE-ID: CVE-2018-0252)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists in the IP Version 4 (IPv4) fragment reassembly function due to a corruption of an internal data structure process that occurs when the affected software reassembles certain IPv4 packets. A remote attacker can send specially crafted IPv4 fragments and cause the service to crash.
3) Information disclosure (CVE-ID: CVE-2018-0245)
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.The weakness exists in the REST API due to incomplete input and validation checking mechanisms in the REST API URL request. A remote attacker can send a specially crafted URL to the REST API and gain access to potentially sensitive information.
4) Improper authentication (CVE-ID: CVE-2018-0247)
The vulnerability allows an adjacent unauthenticated attacker to bypass security restrictions on the target system.The weakness exists due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An adjacent attacker can send traffic to local network resources without having gone through authentication, bypass authentication and pass traffic.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-mfdos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-ip
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-id
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth