Cisco Bug: CSCum62591 - Inconsistency in NMSP Behavior on Cisco IOS and IOS-XE Devices
Oct 25, 2019
- Cisco 5700 Series Wireless LAN Controllers
Known Affected Releases
15.0DPA 15.0DPB 15.0SID
Symptom: Cisco devices running IOS software versions prior to 15.2(02)E01 or IOS-XE software versions prior to 3.6.01E may allow remote, unauthenticated attackers to retrieve version information on the software release running on the device by accessing the Network Mobility Services Protocol (NMSP) port. The vulnerability exists due to a failure to properly secure NMSP with authentication, which has been made standard in software release from IOS 15.2(02)E01 and IOS-XE 3.7.0E on. An attacker could exploit earlier software releases to map the network and gather information for further attacks. Conditions: Devices running IOS software versions prior to 15.2(02)E01 or IOS-XE versions prior to 3.6.01E.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases