Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1411
Views
5
Helpful
6
Replies

WLC IOS vulnarability

abinaya.2.r
Level 1
Level 1

ā€Ž12-09-2018 08:07 PM - edited ā€Ž07-05-2021 09:33 AM

Hi,

I have a Cisco WLC 5508 running on IOS version 8.0.140.0. As we are currently running security audits and want to ensure what we have installed does not come up with vulnerabilities. I do not prefer upgrading this IOS unless there is a reported/tested issue.

Do we have any reported bugs/vulnerabilities on this version?

If so, what would be the next recommended version for this WLC?

 

Labels:
0 Helpful
6 Replies 6

Rasika Nayanajith
VIP Alumni
VIP Alumni

ā€Ž12-09-2018 08:40 PM

8.0.152.0 is the latest on 8.0.x code train. Pls check below release notes & see what vulnerabilities/bugs it addressed

https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80mr5.html

 

If you have newer model APs, you may be able to upgrade to either 8.2.170.0 or 8.5.140.0 depend on your AP models supported in these codes. Pls check from below table & decide

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#56735

 

Whatever code you go with, read release note beforehand of upgrading.

https://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-release-notes-list.html

 

HTH

Rasika

*** Pls rate all useful responses ***

0 Helpful

abinaya.2.r
Level 1
Level 1

ā€Ž12-09-2018 09:04 PM

Thank you.

This is for the anchor WLC and we have 2500 model of WLCs anchoring to this 5508 WLC. These 2500 model of WLCs are running on old versions say 7.x.

SO, wanted to make sure if the  anchor WLC running on 8.0.140.0 has any bugs/issues.

Also need some suggestion on the IOS 8.0.152.0(MD). for this anchor WLC 5508 WLC

 

0 Helpful

Rasika Nayanajith
VIP Alumni
VIP Alumni
In response to abinaya.2.r

ā€Ž12-09-2018 09:20 PM

If that is the case, I would upgrade 5508 Anchor to 8.0.152.0.

 

If you are still running 7.0.x on foreign controllers, I think those may have more vulnerabilities than your anchor WLC

 

HTH

Rasika

*** Pls rate all useful responses ***

0 Helpful

abinaya.2.r
Level 1
Level 1
In response to Rasika Nayanajith

ā€Ž12-09-2018 09:43 PM

yes. There is separate plan for foreign controllers. First we would focus on anchor WLCs.

So, I am looking for any reported issues on 8.0.140.0 on anchor wlc. If there is no vulnerability on 8.0.140.0, then I need not upgrade.

0 Helpful

Rasika Nayanajith
VIP Alumni
VIP Alumni
In response to abinaya.2.r

ā€Ž12-09-2018 09:52 PM

You can read 8.0.140.0 release notes & it should list under "open caveats" any known issues at the time of releasing 8.0.140.0

 

Also check in 8.0.152.0 release notes for "resolved caveats" to see how many of those addressed in that code.

 

Recommended code in 8.0.x is 8.0.152.0 which is last code of that path.

 

HTH

Rasika 

Rich R
VIP
VIP
In response to Rasika Nayanajith

ā€Ž12-10-2018 06:42 AM

And refer to https://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-security-advisories-list.html and https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-70108 for Security Advisories issued *after* the 8.0.152.0 release.  Some of those are only fixed in 8.2.170.0 and later.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card