cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
361
Views
0
Helpful
3
Replies
Beginner

AIR-AP2802I-E-K9 with Version 8.5.140.0 with HIGH RISK (Vulnerability) LIGHTTPD

Our Vulnerability Scanner says that the cisco AIR-AP2802I-E-K9 is a High Risk.

The Reason for that is that the process Lighttpd is unsecure. Lighttpd is from a another vendor.

 

When you follow this link you can see that the vendor already fixed this prblem with an update.

https://tools.cisco.com/security/center/viewAlert.x?alertId=60000 

 

But how can I fix this problem? Is Lighttpd integrated in the Cisco IOS and i have to do a cisco update?

The other option is how can I disable lighttpd?

The Vulnerability Scanner hat following Solutionsuggestion: upgrade to version 1.4.54 or later of Lighttpd

how can I update Lighttpd on this accesspoint?

Everyone's tags (4)
3 REPLIES 3
Highlighted
Hall of Fame Community Legend

Re: AIR-AP2802I-E-K9 with Version 8.5.140.0 with HIGH RISK (Vulnerability) LIGHTTPD

NO idea how "accurate" the scan is.  The LIGHTTPD vulnerability was discovered way back 2014 and affects only IOS-XR. 

1800/2800/3800 don't run this kind of code.  

Cisco IOS XR Software lighttpd TCP Session Vulnerability

Beginner

Re: AIR-AP2802I-E-K9 with Version 8.5.140.0 with HIGH RISK (Vulnerability) LIGHTTPD

@Leo Laohoo wrote:
The LIGHTTPD vulnerability was discovered way back 2014 and affects only IOS-XR.

Um, the link OP provided clearly says CVE-2019-11072, first published 2019 April 22 22:21 GMT.

VIP Advocate

Re: AIR-AP2802I-E-K9 with Version 8.5.140.0 with HIGH RISK (Vulnerability) LIGHTTPD

Here some more details (the link at the top doesn't work for me, as there was a space after the last 0):
https://tools.cisco.com/security/center/viewAlert.x?alertId=60000

Anyway, I don't think this is a very critical issue, unless your ME management IP is reachable from the internet. The bug doesn't show any specific impact to any Cisco products. Either they haven't yet tested the products, or indeed nothing is vulnerable.
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards