
CVE-2022-20681 - Privilege Escalation Vulnerability

aci_network_test
Beginner

Hi Experts,

Can someone guide me on how to check whether this vulnerability impacts the software version we use?

Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-priv-esc-ybvHKO5

Cisco IOS XE Software, Version 17.03.03
Cisco IOS Software [Amsterdam], Catalyst L3 Switch Software (CAT9K_LITE_IOSXE), Version 17.3.3, RELEASE SOFTWARE (fc7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Thu 04-Mar-21 08:48 by mcpre

6 REPLIES

marce1000
VIP Mentor

First available fix is 17.3.5, so should we upgrade the IOS in this case?

 - That depends on your security 'needs' and requirements; banks, for instance, may upgrade immediately. It needs to be assessed with IT staff and the organization.

 M.

Leo Laohoo
VIP Community Legend

Upgrade directly to 17.3.5.

@Leo Laohoo

17.3.5 has a bug, CSCwb13784.

APs not able to join 9800 due to invalid path MTU in AP Join request.

Symptom: APs not able to join 9800 running 17.3.5, 17.6.2, 17.7.1
9800 ra-traces with ethernet mac:
AP disconnect initiated. Reason: Invalid path MTU, Phase: Join
Invalid MTU value 0 in join request

https://bst.cisco.com/quickview/bug/CSCwb13784


@aci_network_test wrote:

@Leo Laohoo

17.3.5 has a bug, CSCwb13784.


REMINDER:

  1. Every Cisco firmware has bugs.  End users, like you and me, are code "testers" because Cisco has stopped testing their own codes.  I, for instance, have been "beta testing" Cisco firmware for more than 10 years and I "have been more busy than ever" since Cisco introduced IOS-XE.
  2. Cisco "gold star" does not mean "good quality", "quality assured" or "tested".  The "gold star" is the complete opposite to "Cisco Safe Harbor".

The question is this:  Are you hitting CSCwb13784?
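
A version-only triage of the `show version` output posted in the question against the first fixed release named in this thread (17.3.5), as an added example that is not part of any poster's reply or of Cisco tooling. The `FIRST_FIXED` table, the function names and the status strings are assumptions for illustration; only the 17.3 train is known from the thread, and the advisory's configuration conditions are not checked.

```python
import re

# From the thread: first fixed release for the 17.3 train, and the releases
# the quoted bug text lists for CSCwb13784. Other trains are not on the page.
FIRST_FIXED = {(17, 3): (17, 3, 5)}          # assumption: table layout is illustrative
CSCWB13784_RELEASES = {(17, 3, 5), (17, 6, 2), (17, 7, 1)}

VERSION_RE = re.compile(r"Version\s+(\d+)\.(\d+)\.(\d+)")

# "show version" lines as posted in the question.
SAMPLE = """\
Cisco IOS XE Software, Version 17.03.03
Cisco IOS Software [Amsterdam], Catalyst L3 Switch Software (CAT9K_LITE_IOSXE), Version 17.3.3, RELEASE SOFTWARE (fc7)
"""

def parse_versions(show_version):
    """Return releases as int tuples, so 17.03.03 and 17.3.3 compare equal."""
    return {tuple(int(p) for p in m.groups())
            for m in VERSION_RE.finditer(show_version)}

def assess(show_version):
    found = parse_versions(show_version)
    if len(found) != 1:                      # nothing parsed, or lines disagree
        return {"status": "unparsed", "found": sorted(found)}
    running = found.pop()
    fixed = FIRST_FIXED.get(running[:2])     # look up by (major, minor) train
    if fixed is None:
        status = "unknown-train"             # consult the advisory for this train
    elif running < fixed:
        status = "below-first-fixed"
    else:
        status = "at-or-above-first-fixed"
    return {
        "status": status,
        "running": running,
        "first_fixed": fixed,
        # True when the upgrade target is a release listed for CSCwb13784
        "target_has_cscwb13784": fixed in CSCWB13784_RELEASES,
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A `below-first-fixed` result only says the release predates the first fix in its train; whether the device is exposed still depends on the conditions listed in the advisory.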

 
