cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1381
Views
35
Helpful
5
Replies
dgoodenberger
Beginner

CSCwa47322 - Eval of enterprise_sdn for Log4j RCE (Log4Shell) Vuln

Are Shockwave/Fury/Cyclops internal code names for DNAC releases?  Would you please provide version numbers as well, so I have something to compare against my installed version?  Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Tomas de Leon
Cisco Employee

Known Affected Releases (4)
DNAC-Cyclops (2.1.2.0, 2.1.2.3, 2.1.2.4, 2.1.2.5, 2.1.2.6, 2.1.2.7)
DNAC-Fury (2.2.2.0, 2.2.2.1, 2.2.2.3, 2.2.2.4, 2.2.2.5, 2.2.2.6, 2.2.2.7)
DNAC-Shockwave (2.2.3.0, 2.2.3.3)
DNAC-Frey (2.3.2.0)
DNAC-Guardian (not available yet and not versioned)

 

Updates will be refreshed here:

Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd?s=09

Cisco DNA Center (CSCwa47322)
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47322

 

View solution in original post

5 REPLIES 5
Tomas de Leon
Cisco Employee

Known Affected Releases (4)
DNAC-Cyclops (2.1.2.0, 2.1.2.3, 2.1.2.4, 2.1.2.5, 2.1.2.6, 2.1.2.7)
DNAC-Fury (2.2.2.0, 2.2.2.1, 2.2.2.3, 2.2.2.4, 2.2.2.5, 2.2.2.6, 2.2.2.7)
DNAC-Shockwave (2.2.3.0, 2.2.3.3)
DNAC-Frey (2.3.2.0)
DNAC-Guardian (not available yet and not versioned)

 

Updates will be refreshed here:

Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd?s=09

Cisco DNA Center (CSCwa47322)
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47322

 

Sylvain_Che
Beginner

@Tomas de LeonDNAC2.2.2.8 is marked both as Affected and Fixed release.

Can you please confirm if this release is affected or not?

 

Thanks.

Sylvain.

Sylvain,

That is a glitch in the reporting and is to be fixed.

Please refer to:

 

Release Notes for Cisco DNA Center, Release 2.2.2.x
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-2-2/release_notes/b_cisco_dna_center_rn_2_2_2.html#Cisco_Concept.dita_1aac2b20-6a07-4b8c-b77e-0e8a218d50a3

 

CSCwa47322 - Evaluation of enterprise_sdn for Log4j RCE (Log4Shell) Vulnerability vulnerability
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47322

 

RN-CiscoDNACenter2.2.2.8.png

wanwa01
Beginner

Hi guys,

I got DNAC box running 1.3.3.7

can someone pls confirm if this version affected as well? It seems no stated in the affected list.

Yes, 1.3.3.x is affected.

A would suggest planning your maintenance windows so that you can upgrade to either versions 2.2.2.8 or 2.2.3.4.