Re: AP2700i and CSCvg42682

54545 · ‎10-26-2017

hi Guys,

I have series of CAP2702I-E-K9 with IOS version 15.3(3)JA3, and from the description of the bug CSCvg42682 this AP2700i apparently is affected by this bug , however I haven´t seen a recommended and precise fix for this attack , has anyone gone through the same scenario and found a fix . or anyone got an idea about the recommended version?

thanks in advance

Sam

Leo Laohoo · ‎10-26-2017

CSCvg42682 is the KRACK vulnerability.

Software fix for the KRACK vulnerability is now available for download. They are 8.0.152.0, 8.2.164.0, 8.3.132.0 and 8.5.105.0.

Leo Laohoo · ‎10-29-2017

A quick update to anyone reading this thread and intending to upgrade to 8.3.132.0:
Cisco TAC has recommended anyone to HOLD OFF upgrading to 8.3.132.0. TAC has identified a Severity 1 bug which causes the controller to crash after upgrading to 8.3.132.0.
There are no reported issues in regards to other versions.

54545 · ‎10-30-2017

thanks Leo for the useful info, do you have the link where is says that WLC crashes on 8.3.132, need to provide this to the client

54545 · ‎10-30-2017

you guys have tried/installed other version than 8.3.132.0 and it is safe ? or can you recommend a safe version ?

many thanks

Leo Laohoo · ‎10-30-2017

@54545 wrote:

thanks Leo for the useful info, do you have the link where is says that WLC crashes on 8.3.132, need to provide this to the client

The Bug ID is CSCvf87731/CSCvg09245.
8.3.133.0 is now out but the Release Notes has not yet been updated.

@54545 wrote:

you guys have tried/installed other version than 8.3.132.0 and it is safe

I would recommend you stick with 8.3.X.X for now. I'm currently on 8.5.105.0 and I don't recommend this to anyone.

Blake Basch · ‎10-30-2017

What issues have you seen on 8.5?

54545 · ‎10-30-2017

if the version 8.5 is not recommended and the 8.3.132 crashes which means is not recommended as well so what the solution/fix then ?

Leo Laohoo · ‎10-30-2017

@Blake Basch wrote:

What issues have you seen on 8.5?

I'm operating 8.5.105.0 on four pairs of WiSM2 and three pairs of 8540 since last week. Yesterday alone, I have a WiSM2 crash twice (CSCvg27599) and one pair of 8540 hitting CSCvg24597. I have TAC Cases.

Blake Basch · ‎10-30-2017

I actually just reverted and took a mid day outage today due to issues with flexconnect with local switching + ISE. Random issues everywhere. Didn't see the bug in the release doc, fail on my part.

Back to 8.3.112.0

54545 · ‎10-31-2017

just had feedback from our provider/Cisco , apparently the fix to the WLC crash and krack vulnerability issorted in 8.0.152.0 . has anyone tried this code or had any issues with it ?

thanks for updating

AdoJay · ‎02-13-2018

Hi,

I have AP2700i running on ct5760-ipservicesk9.SPA.03.06.08.E.152-2.E8. I am looking at upgrading the code to a later release that would fix the issues with this bug, but at the moment cannot find one.

Were you able to get solution to this problem?

Thanks

AdoJay

54545 · ‎02-13-2018

Cisco recommended 8.0.152, i have installed this release , so far so good

AdoJay · ‎02-13-2018

That was quick. Thank you