Cisco Wireless LAN Controller ARP denial of service
cisco-wlc-arp-dos (35576)
Description:
Multiple Cisco Wireless LAN Controllers are vulnerable to a denial of service. By sending a specially crafted unicast ARP request, an authenticated remote attacker in a mobility group could cause a denial of service.
*CVSS:
| Base Score: | 3 |
| Access Vector: | Remote |
| Access Complexity: | Low |
| Authentication: | Required |
| Confidentiality Impact: | None |
| Integrity Impact: | None |
| Availability Impact: | Complete |
| Temporal Score: | 2.2 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Denial of Service
Remedy:
Refer to cisco-sa-20070724-arp for patch, upgrade, or suggested workaround information. See References.
References:
- cisco-sa-20070724-arp: Cisco Security Advisory: Wireless ARP Storm Vulnerabilities.
- BID-25043: Cisco Wireless LAN Control ARP Storm Multiple Denial Of Service Vulnerabilities
- CVE-2007-4011: Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841.
- SA26161: Cisco Multiple Products Wireless ARP Requests Denial of Service
- SECTRACK ID: 1018444: Cisco Wireless LAN Controller ARP Processing Lets Remote Users Deny Service
- VUPEN/ADV-2007-2636: Cisco Wireless LAN Controllers Address Resolution Protocol Denial of Service Issues
Platforms Affected:
- Cisco 4100 Wireless LAN Controller
- Cisco 4400 Wireless LAN Controller
- Cisco Airespace 4000 Wireless LAN Controller
- Cisco Catalyst 3750
- Cisco Catalyst 6500
- Cisco Wireless LAN Controller 3.2
- Cisco Wireless LAN Controller 3.2.116.21
- Cisco Wireless LAN Controller 4.0
- Cisco Wireless LAN Controller 4.0.155.0
- Cisco Wireless LAN Controller 4.1
Reported:
Jul 24, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
