Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1183
Views
5
Helpful
7
Replies

LIGHT TPD VULNERABILITY ON AP 3802E-E-K9

ugwuugochukwuk
Level 1
Level 1

‎02-23-2022 01:36 AM

Hello All, 

 

A customer of mine did a vulnerability scan and reported the vulnerability below:

 

"This vulnerability was identified because (1) the detected version of Lighttpd, 1.4.38, is less than 1.4.50
Paths:
/"

 

I tried accessing the device remotely but couldn't log on. We checked the DHCP pool and the device was an Access Point. I'm a bit confused because from my understanding, the lighttpd vulnerability only affects Cisco IOS-XR devices. 

 

I want to confirm if the reported vulnerability also affects Access Points and if it does, how can it be fixed.

 

Thanks in anticipation!!!

0 Helpful
7 Replies 7

marce1000
VIP
VIP

‎02-23-2022 03:39 AM

 

                                     >... how can it be fixed.

 The best approach usually is to (try) and use the latest advisory software release for the particular cisco device and check if it still vulnerable

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

ugwuugochukwuk
Level 1
Level 1
In response to marce1000

‎02-23-2022 03:44 AM

Hello Marce,

 

Thanks for your response.

 

But is an AP supposed to report such vulnerability ?? My research about the vulnerability shows it only affects cisco devices running IOS-XR

0 Helpful

marce1000
VIP
VIP
In response to ugwuugochukwuk

‎02-23-2022 03:49 AM

 

                      >....But is an AP supposed to report such vulnerability

  - Probably not but your scanning tool will not be wrong neither, so my  advise still remains in place or else you need to verify with other vulnerability scanner that has same reporting capabilities.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to ugwuugochukwuk

‎02-23-2022 05:35 AM

APs typically don't run a web server, unless they are in Mobility Express mode. 

If you are utilizing that feature, then yes it might be vulnerable: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn48153?rfs=iqvred

0 Helpful

Rich R
VIP
VIP

‎02-23-2022 08:26 AM - edited ‎02-23-2022 08:33 AM

CAPWAP APs also contain a webserver for OEAP (Office Extend) functionality where the user gets a simple web interface for managing their client side access.

Disabling Office Extend should disable the web server (though might not?).

You didn't mention whether the AP is ME or CAPWAP or what software version it's running?

Either way as @marce1000 suggested you should, in any case, update to latest software as per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html or https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214749-tac-recommended-ios-xe-builds-for-wirele.html to make sure you eliminate a whole host of other security vulnerabilities that may not have been detected.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎02-23-2022 08:30 AM

Out of curiosity, are you running Mobility Express or are these joined to a controller?

-Scott
*** Please rate helpful posts ***
0 Helpful

Arshad Safrulla
VIP Alumni
VIP Alumni

‎02-23-2022 08:31 AM - edited ‎02-23-2022 08:32 AM

You need to ask for CVE ID for the vulnerability they highlighted. Then you can search that CVE ID in the below Cisco database.

Security Advisories (cisco.com)

If it is listed here, you will find the workarounds if there is any. Or open a case with TAC with CVE ID, they will tell you whether it is impacting the AP or not.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card