Products include Routers, Switches, Licenses, IP Phones, IP Cameras. The unauthorized access vulnerability is located in code that Cisco wireless LAN controllers send to other access point devices connected to them. XS Network Tech, Ciscos Australian Leading Reseller.
The attacks can force the affected devices to restart or can result in more persistent denial-of-service conditions, depending on the vulnerability being exploited. The denial-of-service vulnerabilities can be exploited by sending specially crafted IGMP version 3 messages, MLD version 2 packets, ethernet 802.11 frames and WebAuth login requests to the affected devices. The affected products are: Cisco 500 Series Wireless Express Mobility Controllers, Cisco 2000 Series Wireless LAN Controllers, Cisco 2100 Series Wireless LAN Controllers, Cisco 2500 Series Wireless Controllers, Cisco 4100 Series Wireless LAN Controllers, Cisco 4400 Series Wireless LAN Controllers, Cisco 5500 Series Wireless Controllers, Cisco Flex 7500 Series Wireless Controllers, Cisco 8500 Series Wireless Controllers, Cisco Virtual Wireless Controller, Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (Cisco WiSM), Cisco Wireless Services Module version 2 (WiSM2), Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs), Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs), Cisco Catalyst 3750G Integrated WLC and Cisco Wireless Controller Software for Services-Ready Engine (SRE). The patched firmware versions are: Cisco CVR100W Wireless-N VPN Router firmware version 1.0.1.21, Cisco RV110W Wireless-N VPN Firewall firmware version 1.2.0.10 and Cisco RV215W Wireless-N VPN Router firmware version 1.1.0.6.Ĭisco also fixed five denial-of-service vulnerabilities and one unauthorized access vulnerability in the software running on a wide range of its stand-alone and modular wireless LAN controllers.
#CISCO SMALL BUSINESS ROUTERS UPDATE#
Users are advised to update the firmware of the affected devices because there are no available workarounds.