05-28-2019 01:53 PM - edited 07-05-2021 10:28 AM
Recently we ran an Nmap scan of our wireless network using a client connected via Wi-Fi. The scan showed common ports on the dynamic interfaces (80, 443, 22) as open and reachable from the client. Further testing showed that we were able to connect to the dynamic interface IP over one of the open ports. I suspect this may be a vulnerability that Cisco needs to address. Any suggestions as to what can be done to restrict access to the dynamic interfaces over these ports? We have attempted to apply an ACL to the dynamic and WLAN interfaces without any success. Keep in mind the dynamic interfaces are reachable from a client over the CAPWAP tunnel.
05-29-2019 11:03 AM
We are running 8.2.170. The management over wireless option is not enabled.
06-05-2019 11:19 PM
Some weeks ago a security issue was uncovered regarding open ports directly on the 2800, 1800 and 3800 APs, but I don't think the same applies here.
I just checked my WLC and scanned its dynamic interface with a wireless client inside that VLAN, and nmap showed SSH and HTTPS as open ports. I tried to connect to them, but the WLC (correctly) refused the connection. So I think those ports are indeed open, but no service is offered to the client behind those ports.
Using 8.5.140.0 here on a 5520.
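The check the reply above describes, connecting to a port that Nmap reports as open and seeing whether anything actually answers, written out as a small Python script. This is an added example, not code from the thread or from Cisco. A SYN scan marks a port "open" as soon as the peer SYN-ACKs, which is exactly the situation described: the WLC's TCP stack completes the handshake and then drops the connection. The script completes the handshake, waits for a server-speaks-first banner (SSH), and otherwise sends a harmless HTTP HEAD probe for client-speaks-first ports (80/443), then classifies the result. It exercises itself against local test doubles on 127.0.0.1, one that accepts and immediately closes (the WLC behaviour) and one that returns a constructed SSH identification string; those listeners, the banner text and the `demo()` helper are constructed for the example, not observed on any device.

```python
"""Tell "Nmap says open" apart from "a service actually answers"."""
from __future__ import annotations

import socket
import threading

# Harmless request for ports where the client speaks first (80/443).
PROBE = b"HEAD / HTTP/1.0\r\n\r\n"


def _read(s: socket.socket) -> bytes | None:
    """Read once. None = peer closed or reset; b'' = nothing within timeout."""
    try:
        data = s.recv(256)
    except socket.timeout:
        return b""
    except ConnectionResetError:
        return None
    return data or None


def classify_port(host: str, port: int, timeout: float = 2.0) -> tuple[str, bytes]:
    """Return (state, banner) for one TCP port.

    closed          - RST on connect: nothing listens
    filtered        - connect timed out: dropped by an ACL or firewall
    open-no-service - handshake completed, peer closed or reset without serving anything
    open-silent     - handshake completed, peer neither answered nor hung up
    service         - handshake completed and the peer sent data
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            banner = _read(s)  # server-speaks-first protocols (SSH) answer here
            if banner == b"":  # silent so far: give HTTP-style services a reason to talk
                try:
                    s.sendall(PROBE)
                except OSError:  # peer went away between our reads
                    return "open-no-service", b""
                banner = _read(s)
                if banner == b"":
                    return "open-silent", b""
            if banner is None:
                return "open-no-service", b""
            return "service", banner
    except ConnectionRefusedError:
        return "closed", b""
    except (socket.timeout, TimeoutError):
        return "filtered", b""


def start_fake_server(handler) -> int:
    """Constructed test double: accept one connection on 127.0.0.1, run
    handler(conn), then close. Returns the ephemeral port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_one() -> None:
        conn, _ = srv.accept()
        with conn:
            handler(conn)
        srv.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return port


def accept_and_drop(conn: socket.socket) -> None:
    """The behaviour reported on the WLC: complete the handshake, serve nothing."""


def fake_ssh(conn: socket.socket) -> None:
    """A real listener: send a constructed SSH identification string."""
    conn.sendall(b"SSH-2.0-example\r\n")


def unused_port() -> int:
    """Reserve and release an ephemeral port so nothing listens on it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> dict[str, str]:
    """Run the three local cases. Against a real controller you would instead
    call classify_port(<dynamic-interface-ip>, p) for each port Nmap listed."""
    return {
        "accept-and-drop": classify_port("127.0.0.1", start_fake_server(accept_and_drop))[0],
        "ssh-banner": classify_port("127.0.0.1", start_fake_server(fake_ssh))[0],
        "nothing-listening": classify_port("127.0.0.1", unused_port())[0],
    }


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:20s} {state}")
```

The `open-no-service` result is the case the reply describes: the port SYN-ACKs, so Nmap's port-state column alone cannot tell it apart from a live SSH or HTTPS daemon, but no application-layer service is reachable. Nmap's own `-sV` service detection performs a comparable probe; the script just makes the distinction explicit and scriptable for the three ports in the original post.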