Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1734
Views
35
Helpful
5
Replies

CSCwa47322 - Eval of enterprise_sdn for Log4j RCE (Log4Shell) Vuln

Go to solution
dgoodenberger
Level 1
Level 1

‎12-14-2021 09:35 AM

Are Shockwave/Fury/Cyclops internal code names for DNAC releases?  Would you please provide version numbers as well, so I have something to compare against my installed version?  Thanks!

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tomas de Leon
Cisco Employee
Cisco Employee

‎12-14-2021 10:25 AM 

Known Affected Releases (4)
DNAC-Cyclops (2.1.2.0, 2.1.2.3, 2.1.2.4, 2.1.2.5, 2.1.2.6, 2.1.2.7)
DNAC-Fury (2.2.2.0, 2.2.2.1, 2.2.2.3, 2.2.2.4, 2.2.2.5, 2.2.2.6, 2.2.2.7)
DNAC-Shockwave (2.2.3.0, 2.2.3.3)
DNAC-Frey (2.3.2.0)
DNAC-Guardian (not available yet and not versioned)

 

Updates will be refreshed here:

Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd?s=09

Cisco DNA Center (CSCwa47322)
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47322

 

View solution in original post

5 Replies 5

Go to solution
Tomas de Leon
Cisco Employee
Cisco Employee

‎12-14-2021 10:25 AM 

Known Affected Releases (4)
DNAC-Cyclops (2.1.2.0, 2.1.2.3, 2.1.2.4, 2.1.2.5, 2.1.2.6, 2.1.2.7)
DNAC-Fury (2.2.2.0, 2.2.2.1, 2.2.2.3, 2.2.2.4, 2.2.2.5, 2.2.2.6, 2.2.2.7)
DNAC-Shockwave (2.2.3.0, 2.2.3.3)
DNAC-Frey (2.3.2.0)
DNAC-Guardian (not available yet and not versioned)

 

Updates will be refreshed here:

Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd?s=09

Cisco DNA Center (CSCwa47322)
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47322

 

Go to solution
Sylvain_Che
Level 1
Level 1

‎12-23-2021 06:35 AM

@Tomas de LeonDNAC2.2.2.8 is marked both as Affected and Fixed release.

Can you please confirm if this release is affected or not?

 

Thanks.

Sylvain.

0 Helpful

Go to solution
Tomas de Leon
Cisco Employee
Cisco Employee
In response to Sylvain_Che

‎12-23-2021 07:09 AM

Sylvain,

That is a glitch in the reporting and is to be fixed.

Please refer to:

 

Release Notes for Cisco DNA Center, Release 2.2.2.x
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-2-2/release_notes/b_cisco_dna_center_rn_2_2_2.html#Cisco_Concept.dita_1aac2b20-6a07-4b8c-b77e-0e8a218d50a3

 

CSCwa47322 - Evaluation of enterprise_sdn for Log4j RCE (Log4Shell) Vulnerability vulnerability
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47322

 

RN-CiscoDNACenter2.2.2.8.png

Go to solution
wanwa01
Level 1
Level 1

‎12-29-2021 06:07 PM

Hi guys,

I got DNAC box running 1.3.3.7

can someone pls confirm if this version affected as well? It seems no stated in the affected list.

0 Helpful

Go to solution
Tomas de Leon
Cisco Employee
Cisco Employee
In response to wanwa01

‎12-29-2021 07:18 PM

Yes, 1.3.3.x is affected.

A would suggest planning your maintenance windows so that you can upgrade to either versions 2.2.2.8 or 2.2.3.4.

0 Helpful
Customers Also Viewed These Support Documents