Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

POODLE and WLC's

If you drilll down in the POODLE security advisory ( Advisory ID: cisco-sa-20141015-poodle) into the Affected products and then to the vulnerable produst and almost at the end you find

If you open up this bug report it ONLY identifies and lists the 5508. So... does this mean that none of the other controllers such as the 4400.2500,  WiSM and WiSM2 are effected? Kind of difficult to beleive since  they are are interrelated (at least the 5508 and WiSM2).

Anyone know?

Thanks!

6 REPLIES

This SSL v3 Poodle attack /

This SSL v3 Poodle attack / Portal attack is limited to 5508 controllers

New Member

Great, Thanks for the reply

Great, Thanks for the reply and one more question because the bug report is still a bit vague and confusing:

It states that the Known Affected Releases: (2) are 7.6.130.0 and 8.0.100.0

Does that mean that earlier releases are NOT affected?? Our 5508's are on 7.4.121

 

Thanks!

Cisco Employee

Hi,All the possible previous

Hi,

All the possible previous releases are affected because of the way Protocol is implemented. I think in 7.4 chain , the fix might come when you would have  next 7.4 MR.

Regards

Dhiresh

**Please rate helpful posts**

Cisco Employee

Hi, Also  any product using

Hi,

 

Also  any product using SSLv3 and trying https is affected so rest of the WLC also come under this definition.

 

Regards

Dhiresh

**Please rate helpful posts**

New Member

Hmmm,  two answers for which

Hmmm,  two answers for which WLC's are vulnerable, both marked correct and contradicting each other.  I have to wonder why Cisco only listed the 5508 in the bug report and only listed 2 versions of RTOS. I hate to make assumptions even if they seem to make sense so hopefully Cisco will update and revise the advisory...

Thanks!

Cisco Employee

Hi, Any device in the world

Hi,

 

Any device in the world which uses SSLv3 is affected and not only wireless controllers. So if you are accessing any box (any series and any Vendor )using SSLv3 ..It is affected untill they fix it in the future versions.

 

Regards

Dhiresh

463
Views
10
Helpful
6
Replies
CreatePlease to create content