I got an e-mail Thursday that my 2800 APs are affected by CVE-2023-20076. They are all LAPs, managed by a 9800 WLC. I contacted Cisco TAC and the technician confirmed that despite my APs being behind a WLC, they are still vulnerable to this CVE. My questions is:
Is it the OS version of the WLC I have to look at in this case, or the OS that the APs are running? I was asked by the Cisco TAC to get the information from the AP and not the WLC, which leads me to believe that is the AP version that matters. But that version isn't listed on the vulnerable OS list.