Cisco fixes flaws in wireless LAN controllers
The patches address a number of vulnerabilities which could lead to denial of service or complete remote control of the device.
Cisco said that the flaws centre mainly around the handling of HTTP and HTTPS commands, and SSH requests. Attackers could target the flaws by sending malformed code or specially crafted commands, causing denial of service and possibly giving the attacker network access.
The products said to be vulnerable to one or more of the attacks are Cisco's 1500, 2000, 2100, 4100, 4200 and 4400 Wireless Service Modules, Integrated Service Routers and 3750G wireless LAN controllers.
Cisco is advising administrators to upgrade the vulnerable devices to the latest software versions, or implement the recommended workarounds.
The fixes are the latest in a very busy week for some administrators. Microsoft issued two out-of-cycle patches on Tuesday to address vulnerabilities that have been actively targeted in malware attacks.