Cisco Cisco Aironet 1200 Access Point Notas de publicación

CSCef50742—Clients no longer fail 802.1X authentication through Cisco Catalyst 2950 and 3750 
switches due to changing State (24) Field values. 

CSCef60659—A document that describes how the Internet Control Message Protocol (ICMP) could 
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control 
Protocol (TCP) has been made publicly available. This document has been published through the 
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks 
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of 
three types:

1. Attacks that use ICMP “hard” error messages 
2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also 
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks 
3. Attacks that use ICMP “source quench” messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, 
depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are 
workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at the following URL: 

.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security 
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple 
vendors whose products are potentially affected. Its posting can be found at: 
http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef65076—The access point GUI no longer reports a Bad Request error when you enter a 
RADIUS server hostname on the access point.

CSCef75364—350 series access points now support the exception crashinfo command.

CSCef78627—The access point no longer reports an incorrect transmit power value for the 802.11a 
radio when you change the external antenna position from high-gain to low-gain or from low-gain 
to high-gain while the access point is on.

CSCef89795—Access points no longer send IAPP traffic on the wrong VLAN when layer 3 mobility 
is enabled.

CSCeg01125—The show crypto engine qos command no longer reboots the access point when 
SSH is enabled.

CSCeg42686—Client devices using 5-GHz radios now successfully communicate with the access 
point at up to 54 Mbps.

CSCeg64999—Access points now support EAP-SIM authentication.

CSCeg70288—On 1200 series access points, tracebacks no longer occur when you enter the 
no dot11 arp-cache command when ARP caching is already disabled.

CSCeg81122—You can now use the access point GUI to upload a configuration file larger than 
9 KB.

CSCeg82564—The encryption mode cipher command now requires you to specify a cipher.

CSCeg84849—Access points now correctly add a configured IP address to the env_vars file.

CSCeh06200—With TACACS configured, administrators can now log into the access point GUI 
when idle time is configured on the TACACS server.