Community Member

Pen test showed the WLC-5508 is vulnerable

Guys,

Does anyone know of a specific bug that covers CVE-2010-4180 for the Cisco WLC-5508? The description of the bug is "A flaw has been found in the OpenSSL SSL/TLS server code where an old bug workaround allows malicious clients to modify the stored session cache ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections."

I've found bug id CSCtk61443 but this only covers the ASA and has been resolved.

I am currently running version 7.4.100.60.

Does anyone know if future versions of code resolve this vulnerability?

Any help in this instance is appreciated.

Thanks,

Thomas.

VIP Purple

Hi Thomas,

"I am currently running version 7.4.100.60."

This is not a good version of software to be on. I would advise you to upgrade your controller to 7.4.121.0. Here is the release note for that code:

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74mr02.html

Also upgrade your WLC FUS to version 1.9.0.0. This will take 30-40 min, so get a sufficient outage window organised if you are going ahead with it.

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/fus_rn_OL-31390-01.html

HTH

Rasika

*** Pls rate all useful responses ****

Community Member

Hi Rasika,

Thanks for the helpful response. Would you happen to know if the upgrade resolves the issue with the OpenSSL vulnerability?

Thomas.

VIP Purple

Hi Thomas,

I am not too sure about this particular vulnerability. The code I have given is the one recommended by many others in this forum & Cisco as well.

So do the upgrade & see.

Thanks for rating as well

HTH

Rasika

**** Pls rate all useful responses *****

Hall of Fame Super Silver

Thomas,

Ask your local Cisco SE. He or she should be able to get that answer for you. I have had similar questions in the past, but directed them to the SE and he was able to find the answer.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***