Wednesday, September 27, 2017

Cisco IOS XE Wireless Controller Manager Denial of Service Vulnerability

This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). For information about which Cisco IOS XE Software releases are vulnerable, see the

Fixed Software

section of this advisory.

To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the

show version

command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays

Cisco IOS XE Software

or similar text.

The following example shows the output of the

show version

command on a device that is running Cisco IOS XE Software Release 3.16.1aS:

Router> show version

Cisco IOS XE Software, Version 03.16.01a.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.5(3)S1a, RELEASE SOFTWARE (fc1)
Technical Support: http://ift.tt/yGenYU
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 04-Nov-15 17:40 by mcpre
.
.
.

For information about the naming and numbering conventions for Cisco IOS XE Software releases, see White Paper: Cisco IOS and NX-OS Software Reference Guide.

To determine if the device is acting as a WLC, administrators can log in to the device and use the 

show wireless interface summary

command in the CLI, and then refer to the command output that appears. If the device is acting as a WLC, the output will display configured interfaces.

The following example shows the output of the 

show wireless interface summary

command on a device with one wireless interface configured:

3850-4# show wireless interface summary 
Wireless Interface Summary

Interface Name Interface Type VLAN ID IP Address IP Netmask MAC Address
--------------------------------------------------------------------------------
Vlan151 Management 151 192.168.151.14 255.255.255.0 d0c7.8956.b24d

No other Cisco products are currently known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco IOS Software, Cisco IOS XR Software, or Cisco NX-OS Software.



from Cisco Security Advisory http://ift.tt/2xKclRj

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.