SWEET32 vulnerability on port 16113: how to address in Cisco WLC

AK002
Level 1

Team,

SWEET32 vulnerability on port 16113: how to address in Cisco WLC 2504 and 5508

Has anyone come across this and found a solution?


What is the code running on your controller?

Is it possible to share the complete vulnerability details?

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Hi Sathiya,

Cisco 2500 wireless controller (software version 8.2.170.0) on ports 443 and 16113
Cisco 5500 wireless controller (software version 8.5.135.0) on ports 443 and 16113

After these commands, 443 is disabled, but port 16113 is still showing the vulnerability after the security scan:

config network secureweb cipher-option high enable
config network web-auth secureweb cipher-option high
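
One way to re-check both ports after a cipher change, added here as an example that is not part of the original thread: the function below reads scan text in the layout of nmap's `ssl-enum-ciphers` script and lists, per port, the TLS suites that use a 64-bit block cipher, which is the class SWEET32 concerns. The function name `sweet32_findings` is hypothetical and the sample scan is constructed, not taken from a real controller.

```python
import re

# Constructed sample in the layout of `nmap --script ssl-enum-ciphers -p 443,16113 <host>`.
# It is NOT output from a real controller.
SAMPLE_SCAN = """\
PORT      STATE SERVICE
443/tcp   open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|_  least strength: A
16113/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|_  least strength: C
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
PROTO_RE = re.compile(r"^\|\s+(SSLv\d|TLSv\d\.\d):")
SUITE_RE = re.compile(r"^\|\s+((?:TLS|SSL)_[A-Z0-9_]+)\b")
# SWEET32 concerns ciphers with a 64-bit block: 3DES, DES (incl. DES40), IDEA, RC2.
BLOCK64_RE = re.compile(r"_(3DES|DES|DES40|IDEA|RC2)_")


def sweet32_findings(scan_text):
    """Return {port: sorted [(protocol, suite)]} for 64-bit block cipher suites."""
    findings, port, proto = {}, None, None
    for line in scan_text.splitlines():
        if m := PORT_RE.match(line):
            port, proto = int(m.group(1)), None
            findings[port] = set()
        elif m := PROTO_RE.match(line):
            proto = m.group(1)
        elif port is not None and (m := SUITE_RE.match(line)):
            if BLOCK64_RE.search(m.group(1)):
                findings[port].add((proto, m.group(1)))
    return {p: sorted(s) for p, s in findings.items()}


if __name__ == "__main__":
    for port, hits in sweet32_findings(SAMPLE_SCAN).items():
        print(port, "still offers 64-bit block ciphers" if hits else "clean", hits)
```

A port that maps to an empty list no longer offers any flagged suite, while a port that still lists suites is the one to raise with the vendor or to fix by upgrade.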

Leo Laohoo
Hall of Fame

@AK002 wrote:

Has anyone come across this and found a solution?


SWEET32 is a very, very, very old vulnerability (LINK). 

Several firmware versions have already been released to fix this vulnerability.  

Hi Leo,

Cisco 2500 wireless controller (software version 8.2.170.0) on ports 443 and 16113
Cisco 5500 wireless controller (software version 8.5.135.0) on ports 443 and 16113

I have already seen that Bug ID from the link which you shared, but what is the software version I need to upgrade to?


CSCvb48603

Known Affected Releases
8.0(140.0)
8.3(102.0)

@AK002 wrote:

I have already seen that Bug ID from the link which you shared, but what is the software version I need to upgrade to?


Use the LATEST train or version.  

Hi Leo,

The latest train which they have given is 8.4, and that was already in the deferral release train.

Also, the 5508 controller is upgraded to 8.5.135.0, and in that bug information they have given only up to 8.4. So I need some suggestions after seeing those versions.

CSCvb48603

Known Fixed Releases

8.4(100.0)

8.4(1.93)
8.3(114.11)
8.3(111.0)
8.3(104.128)
8.2(151.0)
8.2(145.25)
8.0(150.0)

That means 8.5 is already fixed or was never affected by it, so is 8.2.170.0.

As Patrick (below) states, use the latest 8.5.X.X firmware.