Solved: Re: CSCvg35287%20-%20NAM%20Investigate%20multiple%20WPA/WPA2%20Vulnerabilties

Jim Cook · ‎10-17-2017

Am I to assume that all versions below 4.5(2033) are also affected? I am running 4.5(1044) in my environment, along with some 4.3 machine, are they also affected?

AdamF1 · ‎10-24-2017

I confirmed with Cisco that it does in fact affect any version that utilizes wpa2.

View solution in original post

Rodrigo Gurriti · ‎10-17-2017

I would assume that all 4.x and 3.x are affected. There is no recommendation to downgrade or workarounds.

SeanT · ‎10-19-2017

I see the status has changed to fixed for the WIFI - AnyConnect vulnerability. But I don't see a new version for download on the Cisco website. How do we get the "Fixed" AnyConnect Software?

JLimone1430 · ‎10-20-2017

I'm going to open a TAC case and see if they can provide a fixed version. I'll let you know how I make out. I've seen Cisco do that before.

Alain · ‎10-22-2017

From the advisory:

4.5.x (27-Oct-2017)

Probably need to wait a few days.

JLimone1430 · ‎10-23-2017

When I spoke to TAC they said they have a fixed version but it wasn't ready for release yet. Its good that there is a date now, maybe we'll get the release later this week. I was told the fixed version would be 4.5.3 or something similar (he said the build number could change).

Also, TAC says that Cisco recommends that all customers check with their hardware manufacturers for updated Wireless drivers.

AdamF1 · ‎10-24-2017

I confirmed with Cisco that it does in fact affect any version that utilizes wpa2.