
Cisco 3504 wifi controller Vulnerability

Minato
Level 1

Hi All,

We have run a Tenable scan and we have vulnerabilities in the Cisco 3504 wifi controller; we found the vulnerabilities given below.

1. Cisco Wireless LAN Controller CAPWAP DoS (cisco-sa-wlc-capwap-dos-Y2sD9uEw)

2. Cisco Wireless LAN Controller Software Cross-Site Request Forgery (cisco-sa-20190417-wlc-csrf)

3. Cisco Wireless LAN Controller Secure Shell (SSH) Denial of Service Vulnerability (cisco-sa-20191016-wlc-ssh-dos)

4. Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) DoS (cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX)

5. Cisco Access Points Managed from WLC DoS (cisco-sa-ap-dos-h9TGGX6W)

 

Can anyone help me to fix this issue?

 

5 Replies

shambhu.kumar
Spotlight

Hello,

What version are you running? It seems you are running an old version. Most of the vulnerabilities are addressed in the 8.10.190.0 and 8.10.196.0 releases.

marce1000
VIP

 

   - As per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
   Upgrade to https://software.cisco.com/download/specialrelease/9a6a7cf84f9fdf04b95c76e2ac7820e7
   and check again.

  + Standard practice for Cisco products is to evaluate against the last advisory release; if it is reported again and it is important
     for the business, then contact Cisco's TAC.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000
VIP

 

  - Also, regarding an earlier reply of mine: these days Cisco and/or TAC will no longer investigate bug and/or security fixes for AireOS, even when using the latest software advised; for starters they will advise you to migrate to the 9800 controller based platform(s).

 M.




Leo Laohoo
Hall of Fame

@Minato wrote:
Can anyone help me to fix this issue?

Read the Security Bulletin: 

1.  Either upgrade the firmware of the switch/stack; or

2.  Implement the workaround.

Rich R
VIP

As already highlighted, to get all available fixes you must upgrade to the latest software version as per the TAC recommended link below; currently that is 8.10.196.0. Make sure that version is compatible with all your APs in the compatibility matrix (link below) and the 8.10.196.0 release notes.

The 3504 WLC and the AireOS software are almost end of life:
https://www.cisco.com/c/en/us/products/collateral/wireless/3504-wireless-controller/eos-eol-notice-c51-744737.html
https://www.cisco.com/c/en/us/products/collateral/wireless/8500-series-wireless-controllers/wireless-software-8-10-pb.html
Cisco will provide fixes for severe security vulnerabilities up till Jan 2025. After that your only option will be to migrate to currently supported Catalyst 9800 series WLCs with IOS-XE software.
