POODLE and WLC's
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2014 12:14 PM - edited 07-05-2021 01:54 AM
If you drilll down in the POODLE security advisory ( Advisory ID: cisco-sa-20141015-poodle) into the Affected products and then to the vulnerable produst and almost at the end you find
Cisco Wireless LAN Controller (WLC) [CSCur27551]
If you open up this bug report it ONLY identifies and lists the 5508. So... does this mean that none of the other controllers such as the 4400.2500, WiSM and WiSM2 are effected? Kind of difficult to beleive since they are are interrelated (at least the 5508 and WiSM2).
Anyone know?
Thanks!
- Labels:
-
Wireless LAN Controller

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2014 02:11 PM
This SSL v3 Poodle attack / Portal attack is limited to 5508 controllers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2014 07:12 AM
Great, Thanks for the reply and one more question because the bug report is still a bit vague and confusing:
It states that the Known Affected Releases: (2) are 7.6.130.0 and 8.0.100.0
Does that mean that earlier releases are NOT affected?? Our 5508's are on 7.4.121
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2014 06:30 PM
Hi,
All the possible previous releases are affected because of the way Protocol is implemented. I think in 7.4 chain , the fix might come when you would have next 7.4 MR.
Regards
Dhiresh
**Please rate helpful posts**
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2014 07:18 PM
Hi,
Also any product using SSLv3 and trying https is affected so rest of the WLC also come under this definition.
Regards
Dhiresh
**Please rate helpful posts**
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-13-2014 06:33 AM
Hmmm, two answers for which WLC's are vulnerable, both marked correct and contradicting each other. I have to wonder why Cisco only listed the 5508 in the bug report and only listed 2 versions of RTOS. I hate to make assumptions even if they seem to make sense so hopefully Cisco will update and revise the advisory...
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-13-2014 10:57 PM
Hi,
Any device in the world which uses SSLv3 is affected and not only wireless controllers. So if you are accessing any box (any series and any Vendor )using SSLv3 ..It is affected untill they fix it in the future versions.
Regards
Dhiresh
