Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2087
Views
5
Helpful
6
Replies

CVE-2022-20681 - Privilege Escalation Vulnerability

aci_network_test
Level 1
Level 1

‎04-19-2022 06:00 AM

Hi Experts , 

 

Can someone guide me how to check if this vulnerability impacting the software version which we use ,

 

Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability 

 

 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-priv-esc-ybvHKO5

 

 

Cisco IOS XE Software, Version 17.03.03
Cisco IOS Software [Amsterdam], Catalyst L3 Switch Software (CAT9K_LITE_IOSXE), Version 17.3.3, RELEASE SOFTWARE (fc7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Thu 04-Mar-21 08:48 by mcpre

1 person had this problem
Labels:
0 Helpful
6 Replies 6

marce1000
VIP
VIP

‎04-19-2022 08:45 AM

 

    - FYI : https://tools.cisco.com/security/center/softwarechecker.x

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

aci_network_test
Level 1
Level 1
In response to marce1000

‎04-19-2022 09:05 AM

First available fix is 17.3.5 , So should we upgrade the IOS in this case ?

0 Helpful

marce1000
VIP
VIP
In response to aci_network_test

‎04-19-2022 09:18 AM

 

 - That depends on your security 'needs' and requirements , banks for instance may upgrade immediately , it needs to be assessed with IT staff and organization.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎04-19-2022 03:52 PM

Upgrade directly to 17.3.5.

aci_network_test
Level 1
Level 1
In response to Leo Laohoo

‎04-22-2022 07:32 AM

@Leo Laohoo 

 

17.3.5 has a bug CSCwb13784  .

 

APs not able to join 9800 due to invalid path MTU in AP Join request.

 

Symptom: APs not able to join 9800 running 17.3.5, 17.6.2, 17.7.1 9800 ra-traces with ethernet mac: AP disconnect initiated. Reason: Invalid path MTU, Phase: Join Invalid MTU value 0 in join request

 

 

https://bst.cisco.com/quickview/bug/CSCwb13784 

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to aci_network_test

‎04-22-2022 06:57 PM - edited ‎04-22-2022 06:58 PM

@aci_network_test wrote:

@Leo Laohoo 

17.3.5 has a bug CSCwb13784  .

REMINDER:  

  1. Every Cisco firmware has bugs.  End users, like you and me, are code "testers" because Cisco has stopped testing their own codes.  I, for instance, have been "beta testing" Cisco firmware for more than 10 years and I "have been more busy than ever" since Cisco introduced IOS-XE.  
  2. Cisco "gold star" does not mean the "good quality", "quality assured" nor "tested".  The "gold star" is the complete opposite to "Cisco Safe Harbor".  

The question is this:  Are you hitting CSCwb13784?  

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card