Cisco Lightweight Access Point Over-the-Air Provisioning Manipulation Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=18919

"Cisco Lightweight Access Points contain a vulnerability that could
allow an unauthenticated, remote attacker to cause a denial of service
(DoS) condition.

The vulnerability is due to insufficient security protections during
wireless access point association sequences. An unauthenticated, remote
attacker could exploit this vulnerability by injecting malicious packets
into the wireless network where newly added access points are seeking
controllers. This action could allow the attacker to cause the device
to associate to a rogue controller, preventing the device from servicing
network clients. An exploit could result in a DoS condition.

Cisco has confirmed this vulnerability; however, software updates are
not yet available.

Cisco Lightweight Wireless Access Point 1100 and 1200 Series devices are
affected by this vulnerability.

No other Cisco devices are known to be affected."

We should prepare to apply the patch for this vulnerability once Cisco
releases it.

According to the report, "Only wireless access points that are deployed
without a setup configuration are vulnerable. Devices using Locally
Significant Certificates (LSCs) or devices with preferred controller
lists configured are not vulnerable."

One workaround would be to ensure all of our LWAPs are deployed with a
setup configuration, LSCs or preferred controller lists.