-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0297
        Multiple Vulnerabilities in Cisco Wireless LAN Controllers
                               6 March 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco 500 Series Wireless Express Mobility Controllers
                   Cisco 2000 Series Wireless LAN Controllers
                   Cisco 2100 Series Wireless LAN Controllers
                   Cisco 2500 Series Wireless Controllers
                   Cisco 4100 Series Wireless LAN Controllers
                   Cisco 4400 Series Wireless LAN Controllers
                   Cisco 5500 Series Wireless Controllers
                   Cisco Flex 7500 Series Wireless Controllers
                   Cisco 8500 Series Wireless Controllers
                   Cisco Virtual Wireless Controller
                   Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (Cisco WiSM)
                   Cisco Wireless Services Module version 2 (WiSM2)
                   Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
                   Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
                   Cisco Catalyst 3750G Integrated WLC
                   Cisco Wireless Controller Software for Services-Ready Engine (SRE)
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Administrator Compromise -- Remote/Unauthenticated
                   Denial of Service        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0707 CVE-2014-0706 CVE-2014-0705
                   CVE-2014-0704 CVE-2014-0703 CVE-2014-0701

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Advisory ID: cisco-sa-20140305-wlc

Revision 1.0

For Public Release 2014 March 5 16:00  UTC (GMT)

Summary
=======

The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities:
* Cisco Wireless LAN Controller Denial of Service Vulnerability
* Cisco Wireless LAN Controller Unauthorized Access to Associated Access Points Vulnerability
* Cisco Wireless LAN Controller IGMP Version 3 Denial of Service Vulnerability
* Cisco Wireless LAN Controller MLDv2 Denial of Service Vulnerability
* Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability
* Cisco Wireless LAN Controller Crafted Frame Denial of Service Vulnerability

Cisco has released free software updates that address these vulnerabilities. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTFyueAAoJEIpI1I6i1Mx3QjIQALqJuwk1Y8YJAG+QM86XNUw3
aT3rlIPdAazREbXTX4VjLVyvdlfdhq8nQOjWf11ipkOU2FvGG+CM4fjk2Mz/4yUv
YENEQLb8PZIzAaQh+Jk40DSVlEaNw6QdM5qg/4mz35BDc03TPMOos3W1wB6/erJj
D8ml9HxU9+l29RNDkWeeatJUIrpL2jP6YiYdctBSqpm0KP4i5sv8DIMMWvMMqny0
D3rUqlLbYKGA2M6Ho9yOB7f/OF9QckDDqhkMagV1xPMF8ii+1EgLyTD1g33+6Hi5
YS/MrHiRr9g8n0NZQdcM3hfOTZc09ucw5/3iPqhC2H/XGVJOSq8w9vGNjY6dpP9s
p0CiNmoX2bISLCzKPkfM9LzeFBENJjhR0owGeGpSvwCgwJ9n97Z9xUqfok+X57QA
fenzUOv7dY508+ULBiMr98DWdx59U7fjX61i1Gl361+f8yGljSI+Cp2ObWKHy+gD
sa+Em7P7rNUZ/lkzC7vW0svqNNiZioNK9t3SP/MjSUE2qSwpPVUow+FrnR3q/o3l
B5Fi3gMxOwCu2pLFgIiIvILDRWU3t0z1PlGv2sF0QmXgFAtd0/aPRDmHTqJ2mi1N
stGO/bk1nOcUcPdPLLOy1GQeJzLCR1ow6+FRDCu7BixGjZp5U3/UZtjwoz/ebQnK
WCGLHbeJbNdGzOFxAaqz
=LECh
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUxfCwxLndAQH1ShLAQKC2w//bnpebQJCd0yxpcYc83CCyf4RJQP/4EOp
K3PyNzfrpMKcMo1dCe/SxPGO43TZnBgs2TvARl2xvCPBVSuKP+4MuMSrQypvThUi
HxW1WNZIlxNrp6MrQpc3Z+vyK57fYWfRZL+jvwrNXso4gyvoMSNVrr3qROhW7L4d
51D6GEknLbVch8EHKV2+9daCLsOvxcrlsjmUvQrr0LWJPEk7ROJjqVUn0CWOCnS1
h3DV9BmQHbxHjAxmP27GbmF28gEIO6YgHdcqVmE8evimYb5OgcHscRnq9cam4/2o
OjKcHEdqzgzhnMTFvH2ZIBp6OmKh5aYpC4i3v1LugRF4sRCeS5Kf5roWR9C/CxZB
CcntsWEbspPrGyHmefei6H56nx4fkSlvWBMin529RP7ouwKbRyAVdQ5CwiBgBEbR
JGnaevltSVG1Kw1dm24XXdOgxa7cXQ5HBrJ0rJi1ra1czQ/EIhaVUEB9uc14/rkY
07egayxVWVzMtZ70IcbW81WaKIelgvLJOERGN7oKBvVdwEvo2+nvKGvPioad/Vgz
6gVwaI2Zfd0+XeHWfjiKJUOq8AmM6j7txaN0nuBgXC1btttj5h6DV60mYZkgSK90
HS+awD8VfgaoFIN3lIy0OUeFIEFkMMXqfZEta6EX47PXKFePayfaDC9nUDu8pWI/
W69TX08pYrA=
=JP+v
-----END PGP SIGNATURE-----