
LIGHTTPD VULNERABILITY ON AP 3802E-E-K9

ugwuugochukwuk
Beginner

Hello All, 

 

A customer of mine did a vulnerability scan and reported the vulnerability below:

 

"This vulnerability was identified because (1) the detected version of Lighttpd, 1.4.38, is less than 1.4.50
Paths:
/"

 

I tried accessing the device remotely but couldn't log on. We checked the DHCP pool and the device was an Access Point. I'm a bit confused because from my understanding, the lighttpd vulnerability only affects Cisco IOS-XR devices. 

 

I want to confirm if the reported vulnerability also affects Access Points and if it does, how can it be fixed.

 

Thanks in anticipation!!!

7 REPLIES

marce1000
VIP Mentor

 

> ... how can it be fixed.

The best approach usually is to (try and) use the latest advisory software release for the particular Cisco device and check if it is still vulnerable.

 M.

Hello Marce,

 

Thanks for your response.

 

But is an AP supposed to report such a vulnerability? My research about the vulnerability shows it only affects Cisco devices running IOS-XR.

 

> ... But is an AP supposed to report such vulnerability

- Probably not, but your scanning tool will not be wrong either, so my advice still remains in place, or else you need to verify with another vulnerability scanner that has the same reporting capabilities.

 M.

APs typically don't run a web server, unless they are in Mobility Express mode. 

If you are utilizing that feature, then yes it might be vulnerable: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn48153?rfs=iqvred

rrudling
VIP Advocate

CAPWAP APs also contain a webserver for OEAP (Office Extend) functionality where the user gets a simple web interface for managing their client side access.

Disabling Office Extend should disable the web server (though might not?).

You didn't mention whether the AP is ME or CAPWAP or what software version it's running?

Either way as @marce1000 suggested you should, in any case, update to latest software as per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html or https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214749-tac-recommended-ios-xe-builds-for-wirele.html to make sure you eliminate a whole host of other security vulnerabilities that may not have been detected.