cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1227
Views
0
Helpful
4
Replies

SSLV3 vulnerability status check

sajinperikkat
Level 1
Level 1

Hi,

 

I have Cisco 2500 (2504) & 5500 (5508) series wireless controllers running with the IOS version '7.2.111.3' , want to understand  whether this series is still vulnerable with SSLv3 or do we need have any remediation plans? 

 

Will appreciate your quick reply. 

 

Thanks,

Sajin P 

1 Accepted Solution

Accepted Solutions

show network summary will show you the SSL versions enabled ,

 

 

View solution in original post

4 Replies 4

ali aqrabawi
Level 3
Level 3

yes , wlcs are impacted by this Vul , 

 

please see this bug which opened in this regards :

https://tools.cisco.com/bugsearch/bug/CSCur27551

 

u will find all the info you will need, 

 

but please note that the SSLv3 is no secured ,and it's vulnerability  affect all products (cisco/non-cisco) , so disable it where ever u see it , on cisco and non-cisco , on servers and clients. 

 

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118620-technote-esa-00.html

 

i hope that answer your question

Thanks for your reply Ali,

I am running 7.2.111.3 in my WLC, However my WLC is not accepting following commands "fipsconfig &  sslconfig" to check current running SSL version.

Is there any commands to identify the running SSL versions? My GUI is running with SSLV3 I would need to change that as well to TLS V1. 

Thanks,

Sajin P | +91-9916709992 

 

show network summary will show you the SSL versions enabled ,

 

 

Thanks Ali, I can see I am running with SSL V2 on all the WLC devices. So, is that version also impacted with vulnerability & we would need to move to TLS V1 ? 

RF-Network Name............................. admin-1
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: