ESB-2016.0101 - ALERT [Cisco] Cisco Wireless LAN Controller: Administrator compromise - Remote/unauthenticated

Date: 14 January 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0101
      Cisco Wireless LAN Controller Unauthorized Access Vulnerability
                              14 January 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Wireless LAN Controller
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Administrator Compromise -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-6314  

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability

Advisory ID: cisco-sa-20160113-wlc

Revision: 1.0

For Public Release 2016 January 13 16:00 GMT


+---------------------------------------------------------------------

Summary
+======

Devices running Cisco Wireless LAN Controller (WLC) software versions 7.6.120.0 or later, 8.0 or later, or 8.1 or later contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to modify the configuration of the device.

An attacker who can connect to an affected device could exploit this vulnerability. A successful exploit may compromise the device completely. Customers are advised to upgrade to a version of Cisco WLC software that addresses this vulnerability.

There are no workarounds that address this vulnerability.

Cisco has released software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----