cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
136
Views
10
Helpful
3
Replies
Highlighted
Beginner

Information request - New vulnerability in WLC

Hello everyone,

Regarding the vulnerability which was published through the below link, anyone can tell me me please if the versions of both WLCs that we manage are vulnerable ?

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEw

because in the bug link, only the version 8.8(120.0) is mentioned.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq59667

Cisco controllers we manage:

WLC 1 
Model: Cisco 5508 WLC (5500 serie)
Version 8.5.151.0

WLC 2 
Model: Cisco 2504 WLC (2500 serie)
Version 8.5.151.0

Thank you.

Regards,

3 REPLIES 3
Highlighted
Hall of Fame Master

Re: Information request - New vulnerability in WLC

>From the link you posted, you need to look at the advisory page. That shows the first fixed version and typically anything prior to that is vulnerable.
-Scott
*** Please rate helpful posts ***
Highlighted
VIP Engager

Re: Information request - New vulnerability in WLC

 

 Ref  : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEw#fs

Fixed Releases

In the following table, the left column lists Cisco software releases. The center column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability. The right column indicates whether a release is affected by all the vulnerabilities described in this bundle of advisories and which release includes fixes for those vulnerabilities.

Cisco WLC Major Software Release First Fixed Release for This Vulnerability Recommended Release for All Vulnerabilities Described in This Bundle of Advisories
8.5 and earlier 8.5.160.0 8.5.161.01
8.6 8.8.130.0 8.8.130.0
8.7 8.8.130.0 8.8.130.0
8.8 8.8.130.0 8.8.130.0
8.9 8.10.105.0 8.10.121.0
8.10 8.10.105.0 8.10.121.0

1. If the deployment is based on a Mobility Express controller, Cisco recommends migrating to Release 8.8.130.0.

Highlighted
VIP Advocate

Re: Information request - New vulnerability in WLC

As per Marce1000 list, your current version is affected by the bug, as you are running 8.5.151.0 which is older than the fixed 8.5.160.0.
CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey