08-20-2024 10:48 PM
Hi All,
We have run a Tenable scan and we have vulnerabilities in our Cisco 3504 wifi controller; we found the vulnerabilities given below.
1. Cisco Wireless LAN Controller CAPWAP DoS (cisco-sa-wlc-capwap-dos-Y2sD9uEw)
2. Cisco Wireless LAN Controller Software Cross-Site Request Forgery (cisco-sa-20190417-wlc-csrf)
3. Cisco Wireless LAN Controller Secure Shell (SSH) Denial of Service Vulnerability (cisco-sa-20191016-wlc-ssh-dos)
4. Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) DoS (cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX)
5. Cisco Access Points Managed from WLC DoS (cisco-sa-ap-dos-h9TGGX6W)
Can anyone help me to fix this issue?
08-20-2024 11:43 PM
Hello,
What version are you running? It seems you are running an old version. Most of the vulnerabilities are addressed in the 8.10.190.0 and 8.10.196.0 releases.
08-20-2024 11:48 PM - edited 08-20-2024 11:50 PM
- As per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
Upgrade to https://software.cisco.com/download/specialrelease/9a6a7cf84f9fdf04b95c76e2ac7820e7
and check again.
+ Standard practice for Cisco products is to evaluate against the last advisory release; if it is reported again and it is important for the business, then contact Cisco's TAC.
M.
08-21-2024 01:53 AM
- Also, regarding an earlier reply of mine: these days Cisco and/or TAC will no longer investigate bug and/or security fixes for AireOS, even when using the latest software advised; for starters they will advise you to migrate to the 9800 controller based platform(s).
M.
08-21-2024 02:05 AM
@Minato wrote:
can anyone help me to fix this issue?
Read the Security Bulletin:
1. Either upgrade the firmware of the switch/stack; or
2. Implement the workaround.
09-01-2024 09:53 AM
As already highlighted - to get all available fixes you must upgrade to the latest software version as per the TAC recommended link below - currently that is 8.10.196.0. Make sure that version is compatible with all your APs in the compatibility matrix (link below) and the 8.10.196.0 release notes.
The 3504 WLC and the AireOS software are almost end of life:
https://www.cisco.com/c/en/us/products/collateral/wireless/3504-wireless-controller/eos-eol-notice-c51-744737.html
https://www.cisco.com/c/en/us/products/collateral/wireless/8500-series-wireless-controllers/wireless-software-8-10-pb.html
Cisco will provide fixes for severe security vulnerabilities up until Jan 2025. After that your only option will be to migrate to the currently supported Catalyst 9800 series WLCs with IOS-XE software.