Cisco has released software updates to patch several critical and high severity denial-of-service (DoS) vulnerabilities in the company’s Wireless LAN Controller (WLC) products.
The most serious of the flaws, rated critical, is an issue related to the HTTP URL redirect feature of WLC software. The vulnerability (CVE-2016-1363), caused by the improper handling of HTTP traffic, allows an unauthenticated attacker to remotely trigger a buffer overflow and cause affected devices to enter a DoS condition.
The security hole affects Cisco WLC software versions 7.2, 7.3, 7.4 releases prior to 7.4.140.0(MD), 7.5, 7.6, and 8.0 releases prior to 8.0.115.0(ED).
Cisco WLC software is also affected by a high severity vulnerability (CVE-2016-1364) in the Bonjour task manager. By sending specially crafted Bonjour traffic to a vulnerable device, a remote attacker can cause it to enter a DoS condition.
The flaw exists in WLC software versions 7.4 prior to 7.4.130.0(MD), 7.5, 7.6, and 8.0 releases prior to 8.0.110.0(ED).
The last vulnerability related to Cisco WLC (CVE-2016-1362) exists in the web-based management interface of devices running AireOS software. A remote attacker can cause vulnerable devices to reload by accessing a URL that is not supported by the management interface. Cisco WLC devices running AireOS releases 4.1 through 7.4.120.0, all 7.5 releases, and release 7.6.100.0 are affected.
A DoS vulnerability has also been found in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) software. A remote, unauthenticated attacker can exploit the flaw to cause a DoS condition by sending specially crafted DHCPv6 packets to affected devices.
This high severity vulnerability (CVE-2016-1367) only affects the 9.4.1 release of ASA software. Cisco ASA 5500-X series NGFs, ASA Services Module for Catalyst 6500 series switches and 7600 series routers, and Adaptive Security Virtual Appliances (ASAv) may be affected.
Another serious DoS vulnerability (CVE-2015-6360) has been found in the Secure Real-Time Transport Protocol (SRTP) library (libSRTP). A remote attacker can trigger a DoS condition by sending malicious SRTP packets to the affected device.
This flaw impacts a wide range of Cisco products, including WebEx Meetings Server, Jabber, ASA software, IOS XE software, and over a dozen voice and unified communications devices.
Most of these vulnerabilities were discovered by Cisco’s own employees and there is no evidence that any of them have been exploited for malicious purposes. The libSRTP flaw was discovered last year by Randell Jesup of the Firefox team.