Cisco Wireless LAN Controller CVE-2012-0371 Unauthorized Access Security Bypass Vulnerability

Bugtraq ID:	52215
Class:	Access Validation Error
CVE:	CVE-2012-0371
Remote:	Yes
Local:	No
Published:	Feb 29 2012 12:00AM
Updated:	Feb 29 2012 12:00AM
Credit:	Cisco
Vulnerable:	Cisco Wireless Services Modules (WiSM) 0 Cisco Wireless LAN Control 7.0 Cisco Wireless LAN Control 6.0 Cisco Wireless LAN Control 5.2 Cisco Wireless LAN Control 5.1 Cisco Wireless LAN Control 5.0 Cisco Wireless LAN Control 4.2 M Cisco Wireless LAN Control 4.2 Cisco Wireless LAN Control 4.1 M Cisco Wireless LAN Control 4.1 Cisco Wireless LAN Control 4.0 Cisco Catalyst 3750G 0 Cisco 4400 Wireless LAN Controller (WLC) 0
Not Vulnerable:	Cisco Wireless Lan Controller 7.0.220.4

Cisco Wireless LAN Controller CVE-2012-0371 Unauthorized Access Security Bypass Vulnerability

Cisco Wireless LAN Controller is prone to a security-bypass vulnerability because it allows attackers to gain unauthorized access to the device.

This issue is being tracked by Cisco Bug ID CSCtu56709.

Note that this issue can be exploited only if CPU based access control lists (ACLs) are configured in the wireless controller.

An unauthenticated attacker can exploit this issue to view and modify the configuration of an affected device, thereby aiding in further attacks.

Cisco Wireless LAN Controller CVE-2012-0371 Unauthorized Access Security Bypass Vulnerability

Attackers can exploit this issue using readily available tools.

Cisco Wireless LAN Controller CVE-2012-0371 Unauthorized Access Security Bypass Vulnerability

Solution:
Updates are available. Please see the reference for more details.

Cisco Wireless LAN Controller CVE-2012-0371 Unauthorized Access Security Bypass Vulnerability

References:

• Cisco Homepage (Cisco )
  
• Multiple Vulnerabilities in Cisco Wireless LAN Controllers (Cisco)