
Pen test showed the WLC-5508 is vulnerable

Unanswered Question
Feb 4th, 2014

Guys,


Does anyone know of a specific bug that covers CVE-2010-4180 for the Cisco WLC-5508? The description of the bug is "A flaw has been found in the OpenSSL SSL/TLS server code where an old bug workaround allows malicious clients to modify the stored session cache ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections."


I've found bug id CSCtk61443 but this only covers the ASA and has been resolved.


I am currently running version 7.4.100.60.


Does anyone know if future versions of code resolve this vulnerability?


Any help in this instance is appreciated.


Thanks,


Thomas.

Rasika Nayanajith Tue, 02/04/2014 - 10:51

Hi Thomas,


I am currently running version 7.4.100.60.

This is not a good version of software to be in. I would advise you to upgrade your controller to 7.4.121.0. Here is the release note of that code:

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74mr02.html


Also upgrade your WLC FUS to version 1.9.0.0. This will take 30-40 min & get a sufficient outage window organised if you are going ahead with it.

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/fus_rn_OL-31390-01.html


HTH

Rasika


*** Pls rate all useful responses ****

Thomas McLean Wed, 02/05/2014 - 01:32

Hi Rasika,


Thanks for the helpful response. Would you happen to know if the upgrade resolves the issue with the OpenSSL vulnerability?


Thomas.

Rasika Nayanajith Wed, 02/05/2014 - 01:41

Hi Thomas,


I am not too sure about this particular vulnerability. The code I have given is the one recommended by many others in this forum & Cisco as well.


So do the upgrade & see.


Thanks for rating as well


HTH

Rasika


**** Pls rate all useful responses *****

Scott Fella Wed, 02/05/2014 - 04:31

Thomas,

Ask your local Cisco SE. He or she should be able to get that answer for you. I have had similar questions in the past, but directed them to the SE and he was able to find the answer.

Sent from Cisco Technical Support iPhone App
