Solved: CSCvh65876 - Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability

Andrii Oliinyk · ‎10-22-2018

Hello Gurus
i'm confused with mitigation information given in Cisco Advisory & Bugsearch pages for the CSCvh65876
On Advisory (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc) it's said:

Cisco Wireless LAN

Controller Major

Software Release

First Fixed Release for This Vulnerability

Recommended Release for This Vulnerability

8.3

Available from TAC¹

while on Bugsearch (https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh65876) it's said that there are Fixed releases are available already (f.e. 8.3(143.6)). Also single Known Affected Releases 8.7(1.115) mentioned on the Bugsearch page obviously doesnt match 8.3 as mentioned in Advisory... Could anybody clarify on this please?

Leo Laohoo · ‎10-22-2018

Never look at the details in the Bug ID: They are seldom updated and rarely accurate.

Always look at the Security Bulletin because it is regularly update.

The fix is to use the latest 8.5.X.X image, 8.5.135.0.

If you need to use 8.3.X.X then contact TAC so they can provide you an Engineering Release.

View solution in original post

Leo Laohoo · ‎10-22-2018

Never look at the details in the Bug ID: They are seldom updated and rarely accurate.

Always look at the Security Bulletin because it is regularly update.

The fix is to use the latest 8.5.X.X image, 8.5.135.0.

If you need to use 8.3.X.X then contact TAC so they can provide you an Engineering Release.