Guest

Preview Tool

Cisco Bug: CSCum62591 - Inconsistency in NMSP Behavior on Cisco IOS and IOS-XE Devices

Last Modified

Oct 25, 2019

Products (1)

  • Cisco 5700 Series Wireless LAN Controllers

Known Affected Releases

15.0DPA 15.0DPB 15.0SID

Description (partial)

Symptom:
Cisco devices running IOS software versions prior to 15.2(02)E01 or IOS-XE software versions prior to 3.6.01E may allow remote, unauthenticated attackers to retrieve version information on the software release running on the device by accessing the Network Mobility Services Protocol (NMSP) port.

The vulnerability exists due to a failure to properly secure NMSP with authentication, which has been made standard in software release from IOS 15.2(02)E01 and IOS-XE 3.7.0E on. An attacker could exploit earlier software releases to map the network and gather information for further attacks.

Conditions:
Devices running IOS software versions prior to 15.2(02)E01 or IOS-XE versions prior to 3.6.01E.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.