04-08-2014 12:04 AM - edited 07-05-2021 12:37 AM
The tops of our company came to us this morning and were all in a panic, like:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
Does anybody know if and what WLC Versions are a problem?
Thanks a lot for your help!
04-08-2014 01:43 AM
What about Cisco AnyConnect? http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
04-08-2014 01:46 AM
Yeah, ALL Cisco products for that matter - but at the moment I'm just responsible for the WLCs :D (As they have "external" access because of the Guest users..)
04-09-2014 02:48 AM
04-08-2014 02:03 AM
See also http://www.kb.cert.org/vuls/id/720951 Cisco not yet reported.
04-08-2014 09:35 AM
It would be good to know the breakdown of which products, if any, are exposed. We are looking specifically for IronPort Email Security Appliances and the email encryption appliance IEA devices.
Thanks!
04-09-2014 02:47 AM
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
04-08-2014 04:55 PM
Seems that ASAs are affected according to some test exploit site.
04-09-2014 02:50 AM
04-09-2014 08:07 AM
Does anyone know specifically what versions of the AnyConnect Client for iOS are vulnerable?
04-10-2014 11:18 AM
Hey, so according to the Cisco Security Advisory the WLC is listed as non-vulnerable - so the WLC HTTPS WebGUI cert does not internally use OpenSSL or at least a vulnerable version.
What about those who are using a Captive Portal for Guest Wireless?
Many people use OpenSSL to convert 3rd Party certificates for the Portal as per the Cisco guides?
04-30-2014 02:42 AM
I have the answer to my question:
Please refer to the following link, which mentions that we can't use any version other than OpenSSL 0.9.8, since the controller will not accept the certificate:
https://supportforums.cisco.com/document/102151/certificate-signing-requests-wlc-open-ssl
05-01-2014 07:43 PM
That's no longer the case. OpenSSL 1.0 is supported from WLC 7.5.102 onwards.
This means if you have 7.6.X or above you should be OK to use OpenSSL 1.0. I successfully used 1.0.1g on a very up-to-date Gentoo Linux box only a week ago to convert, chain and upload a new wildcard certificate to my WLC.
See: https://tools.cisco.com/bugsearch/bug/CSCti65315 for further information about this bug.