Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.0101 Cisco Wireless LAN Controller Unauthorized Access Vulnerability 14 January 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco Wireless LAN Controller Publisher: Cisco Systems Operating System: Cisco Impact/Access: Administrator Compromise -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2015-6314 Original Bulletin: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability Advisory ID: cisco-sa-20160113-wlc Revision: 1.0 For Public Release 2016 January 13 16:00 GMT +--------------------------------------------------------------------- Summary +====== Devices running Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to modify the configuration of the device. An attacker who can connect to an affected device could exploit this vulnerability. A successful exploit may compromise the device completely. Customers are advised to upgrade to a version of Cisco WLC software that addresses this vulnerability. There are no workarounds that address this vulnerability. Cisco has released software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWlnyxAAoJEIpI1I6i1Mx35zgQALeiHWpOREIv4toqLN48hfLt mMMPAIeD7z1BNEvGkJagFoK1Uh8qoEl5sKbcT7/ZEh5eLktM+uVfRQLe0YQC+Pax WNSeItZqfz4uQbJd87UtljCogWLP9Qdw4t40NrAUMHthd0IQ8WQu2Y6CNi9Y8KCU E4X/mdT+oPHuUg8NNJrWgV0T0fYS8iNJmKekaU7jaH0XY0WRf7H1l6qQWw5MzshR 4F7o4nzvMQbDRV41kM0ARGyS/Z1VD6qSWGO0vN6cK2bg1YeTihxuWFyTxzcNbWkT xpEkiSDQOl9UgJsVRtUhLj2Ak1/qJLmZPhXE6O7dDzPAMtY+I7emEbL3vACg4O7T iEHhDSrD+IPqiOZlbrPQS40xTIppPGMI1N2tx18D8AlvJZKQehVbDnwW+XpWxGKa Z/X7ADPmhiSKiK1Cbje2EacXpVf6WspvlSi5XKOCHWQFOufDm3idxLCkA2mkju0P W6iU4vD0QhHlmfnvF4ilABGwfbqYCyllqGFVmkY+pNs8+JOBkN91aWPW0tGYrkPO v2WhYUJvKrlcatUenIP+ZnGtC0UiI7I2d1pq9Ec8Kq0k2fGoQ+DNDtBxqflmW8jU 8zTKkBIn7qa8GR08XNLdwcs5MVZ2VhRD0ad8B95OpqCPz/3f+p/9F5goo7IWJQL6 nrl9vr+8uOyun5kxJEes =51Lm - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVpbz7X6ZAP0PgtI9AQKgUQ/+LyMlrqOXNHbfHIjViMS5EgJuH29N+DdQ f370hZHAg2njdEEwaS3eCvcMuGkEnRqMoiF66OL77ourMYRcZ8S2LdPm/YyMw94g oSU0PNFsZoDqNJQwV9aXGSV4q75GQmuJ5s/Ig9iqSwZ6+mMuliVI5JIE2NwJgeHX txMbGSoddm6HUwpMaylCrv68bb5Bfca7n3PWLaYO4RSe4DQY0R4qLjed9zNtCx45 yDBz+O4Wub/QoxiZ9vGjbtZHMvzDr651QCv/izSAVUuGYrzmt/uFsIYt3vSWc01j 7Sys611IhufdmdHKwTQcyoVlG6kAhWgKFdZmC/ldeAUdI6xcR/SHKMVPFfyq1ZU5 yxDaKBppZUNeXnXj2lcUFMNNVJ9yXRoaxY6eNZEp2mGHQiaADEj8NtDEFGhIMT18 bTXv30J8homcK+2+FtukL3D3yXXTBiF9fja5J+xdreD1YqpdH+7NZ55T8Ul5lkbg 8jhxWRpJXDizUwaUZRGwV9O9xyGzUVL2N0T03Rs3MRIwF6ffFCs6QbYryY8WM5r7 pNngne9oCG17r5gXsIN7vtsQTex2n/QVHQnWvbmCt34aPplENAM5tYodNOxyATsA ERjcWOTBNst126lhyj0CU02UQ/pz32PTJp0PBgEcNvCXwwDW0O1VqUPVe/KYXRRo FGyCbV/SksA= =cuD0 -----END PGP SIGNATURE-----