cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1382
Views
0
Helpful
4
Replies

SSLV3 vulnerability status check

sajinperikkat
Level 1
Level 1

Hi,

 

I have Cisco 2500 (2504) & 5500 (5508) series wireless controllers running with the IOS version '7.2.111.3' , want to understand  whether this series is still vulnerable with SSLv3 or do we need have any remediation plans? 

 

Will appreciate your quick reply. 

 

Thanks,

Sajin P 

1 Accepted Solution

Accepted Solutions

show network summary will show you the SSL versions enabled ,

 

 

View solution in original post

4 Replies 4

ali aqrabawi
Level 3
Level 3

yes , wlcs are impacted by this Vul , 

 

please see this bug which opened in this regards :

https://tools.cisco.com/bugsearch/bug/CSCur27551

 

u will find all the info you will need, 

 

but please note that the SSLv3 is no secured ,and it's vulnerability  affect all products (cisco/non-cisco) , so disable it where ever u see it , on cisco and non-cisco , on servers and clients. 

 

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118620-technote-esa-00.html

 

i hope that answer your question

Thanks for your reply Ali,

I am running 7.2.111.3 in my WLC, However my WLC is not accepting following commands "fipsconfig &  sslconfig" to check current running SSL version.

Is there any commands to identify the running SSL versions? My GUI is running with SSLV3 I would need to change that as well to TLS V1. 

Thanks,

Sajin P | +91-9916709992 

 

show network summary will show you the SSL versions enabled ,

 

 

Thanks Ali, I can see I am running with SSL V2 on all the WLC devices. So, is that version also impacted with vulnerability & we would need to move to TLS V1 ? 

RF-Network Name............................. admin-1
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable

 

Review Cisco Networking for a $25 gift card