Cisco Cisco Aironet 1310 Access Point Bridge
14
Release Notes for Cisco Aironet 1300 Series Outdoor Access Point/Bridge for Cisco IOS Release 12.3(4)JA1
OL-8216-01
Caveats
Cisco has made free software available to address these vulnerabilities. In some cases there are
workarounds available to mitigate the effects of the vulnerability.
workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at
.
•
CSCef65076—The access point GUI no longer reports a Bad Request error when you enter a
RADIUS server hostname on the access point.
RADIUS server hostname on the access point.
•
CSCef89795—Access points no longer send IAPP traffic on the wrong VLAN when layer 3 mobility
is enabled.
is enabled.
•
CSCeg64999—Access points now support EAP-SIM authentication.
•
CSCeg87391—Bridges now display temperature correctly when you enter the show env command.
•
CSCeh06200—With TACACS configured, administrators can now log into the access point GUI
when idle time is configured on the TACACS server.
when idle time is configured on the TACACS server.
•
CSCeh08952—Access points now correctly filter traffic through the TCP port when an IP filter is
configured.
configured.
•
CSCsa40042, CSCsa40045—The user interfaces on the access point/bridge no longer allow you to
configure the bridge to fall back to repeater mode.
configure the bridge to fall back to repeater mode.
•
CSCsa40861—Access points configured for a fallback role now assume the fallback role if the LAN
interface is down when they reboot.
interface is down when they reboot.
•
CSCsa52462—Access points configured for CKIP or CMIC now indicate CKIP and CMIC support
in beacons.
in beacons.
•
CSCsa59600—A document that describes how the Internet Control Message Protocol (ICMP) could
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of
three types:
three types:
1. Attacks that use ICMP “hard” error messages. 2. Attacks that use ICMP “fragmentation needed
and Don’t Fragment (DF) bit set” messages, also known as Path Maximum Transmission Unit
Discovery (PMTUD) attacks. 3. Attacks that use ICMP “source quench” messages.
and Don’t Fragment (DF) bit set” messages, also known as Path Maximum Transmission Unit
Discovery (PMTUD) attacks. 3. Attacks that use ICMP “source quench” messages.
Successful attacks may cause connection resets or reduction of throughput in existing connections,
depending on the attack type.
depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are
workarounds available to mitigate the effects of the vulnerability.
workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at
.