cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
561
Views
5
Helpful
2
Replies

DNAC Naming and Spring4Shell

rasmus.elmholt
Level 7
Level 7

Hi,

 

I am looking to see if my installed version of DNAC 2.2.3.4 is vulnerable to Spring4Shell.

The CVE: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43648

It mentions 2.3.3.3 and DNAC-Ghost(unknown) and DNAC-Guardian(2.3.3.x) are vulnerable but I cannot see if 2.2.3.4 are hit as well.

Does anyone have any info on this?

1 Accepted Solution

Accepted Solutions

Hi,

It seems like only the 2.3.x.x line is hit so fare. Or at least only verified to be hit.

View solution in original post

2 Replies 2

   I rely on : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67  in this situation and they mention DNAC but they dont fill up the version.  We can see that they are still working on it as some platform has fixed release yet to be anounced.

 I will keep an eye on it as well. Thanks for share.

 

  

 

 

 

Hi,

It seems like only the 2.3.x.x line is hit so fare. Or at least only verified to be hit.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco