04-19-2022 04:30 AM
Hi,
I am looking to see if my installed version of DNAC 2.2.3.4 is vulnerable to Spring4Shell.
The CVE: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb43648
It mentions 2.3.3.3 and DNAC-Ghost(unknown) and DNAC-Guardian(2.3.3.x) are vulnerable but I cannot see if 2.2.3.4 are hit as well.
Does anyone have any info on this?
Solved! Go to Solution.
04-20-2022 11:42 PM
Hi,
It seems like only the 2.3.x.x line is hit so fare. Or at least only verified to be hit.
04-19-2022 06:02 AM - edited 04-19-2022 06:05 AM
I rely on : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 in this situation and they mention DNAC but they dont fill up the version. We can see that they are still working on it as some platform has fixed release yet to be anounced.
I will keep an eye on it as well. Thanks for share.
04-20-2022 11:42 PM
Hi,
It seems like only the 2.3.x.x line is hit so fare. Or at least only verified to be hit.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: