I have a client who reports the following vulnerability in the Cisco WLC:
The server accepts connections using SSL 2.0, SSL 3.0, TLS 1.0 and/or TLS 1.1. These versions contain many cryptographic weaknesses and are considered obsolete by the regulatory bodies. An attacker can use these vulnerabilities to carry out Man in the Middle (MitM) attacks or decrypt communications between client and server.
How can I verify if this vulnerability exists in my WLC, how would it be mitigated? Or, on the contrary, how do I show the client that the WLC does not have the vulnerability?
I share some data from my WLC:
Product Version.................................. 18.104.22.168
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 22.214.171.124
Firmware Version................................. PIC 16.0
Thank you for your help and contributions.
- >How can I verify if this vulnerability exists in my WLC,
By using security analysis tools that can detect these types of vulnerabilities.
> Or, on the contrary, how do I show the client that the WLC does not have the vulnerability?
>how would it be mitigated?
The only thing you can do is upgrade the controller to the latest software version for the particular platform; one summary command to give an initial overview of the (remaining) available ciphers is:
nmap --script ssl-enum-ciphers controllername
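As an added example (not part of the original thread or any poster's code): a small Python parser for the text output of the nmap command above that lists every open port still offering SSLv3, TLS 1.0 or TLS 1.1, usable as before/after evidence for the client. The sample output is constructed; ssl-enum-ciphers does not probe SSL 2.0, which nmap covers with its separate sslv2 script.

```python
import re
# Versions the quoted finding calls obsolete (ssl-enum-ciphers does not probe SSLv2).
DEPRECATED = {"SSLv3", "TLSv1.0", "TLSv1.1"}
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|\s+(TLS_\w+)")

# Constructed sample output, not taken from a real controller.
SAMPLE = """\
PORT     STATE SERVICE
443/tcp  open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: C
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
"""

def parse_ssl_enum(text):
    """Return {port: {protocol: [cipher, ...]}} for each open TCP port."""
    result, port, proto = {}, None, None
    for line in text.splitlines():
        if m := PORT_RE.match(line):
            port, proto = int(m.group(1)), None
            result[port] = {}
        elif port is not None and (m := PROTO_RE.match(line)):
            proto = m.group(1)
            result[port][proto] = []
        elif proto is not None and (m := CIPHER_RE.match(line)):
            result[port][proto].append(m.group(1))
    return result

def deprecated_findings(parsed):
    """Return sorted (port, protocol, cipher_count) for deprecated protocols offered."""
    return sorted((port, proto, len(ciphers))
                  for port, protos in parsed.items()
                  for proto, ciphers in protos.items() if proto in DEPRECATED)

if __name__ == "__main__":
    print(deprecated_findings(parse_ssl_enum(SAMPLE)))
```

Run it over the saved scan text from before and after a change on the controller; an empty list means none of SSLv3, TLS 1.0 or TLS 1.1 was offered on the scanned ports.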
On the WLC under Security - Web Auth - Secure Web, is Cipher-Option High enabled?
Or on the CLI: config network secureweb cipher-option high enable
You need to reload your WLC after enabling this.
That will disable the older versions and should only allow TLS 1.2. If you don't have that option, it might be possible that you need to upgrade your WLC to a newer software (make sure your used APs are still supported!).
It seems your version contains a bug and doesn't disable the old versions. It's fixed in 126.96.36.199 and in the not yet available 188.8.131.52 (if this version will ever be released). You can also raise a TAC to receive 8.3MR4 which has probably fixed it.
Thanks for your help, it was very useful for me.
Excuse me, but do you know the command to see the SSL and TLS versions that are enabled in the WLC?
I'm not sure you can directly see that on the WLC. You can probably test this by using Nessus: