Cisco Talos has provided the following command to check for the presence of the implant where systemip is the IP address of the system to check. This command should be issued from a workstation with access to the system in question:

curl -k -X POST "https://systemip/webui/logoutconfirm.html?logon_hash=1"

If the request returns a hexadecimal string, the implant is present.

Note: If the system is configured for HTTP access only, use the HTTP scheme in the command example.

Weirdly enough, Cisco is discovering new impacted releases every day.
I checked the current code 17.9.3 I'm running for this vulnerability the last week an it was not impacted, now it is:

In your case it is also recommending 17.9.5 (the one I'm looking for as next step forward), but in my case only recommends 17.9.4a.

I have been sick for a couple of days ( still is ), so I have not kept up to date with this thread. This is just a quick update , from what I have heard fixes for both CVEs mentioned should be made available Sunday ( fingers crossed ).

I see the PSIRT have been updated with fixed software release versions ... bascially the version is  "take your current recommended software and add an "a" to the end"

17.9.4a it says is available, but I cant find it on CCO. ?

The other releases are still TBD.

I can confirm that disabling HTTP server in WLC breaks Guest wireless as it doesn't redirect when using CWA and Captive Portal.

New software is now on CCO.

(and lets just ignore the release date).

But the wording on that warning is strange.

So i cannot install the "a" version if I have a APSP/SMU installed on 17.9.4 ? Or is it just not recommended because it takes longer to install a full version then a SMU ? - Please clarify it Cisco ... CLARIFY !!!!!