Cisco Bug: CSCum62591 - Inconsistency in NMSP Behavior on Cisco IOS and IOS-XE Devices

Last Modified

Oct 25, 2019

Products (1)

Cisco 5700 Series Wireless LAN Controllers

Known Affected Releases

15.0DPA 15.0DPB 15.0SID

Description (partial)

Symptom:
Cisco devices running IOS software versions prior to 15.2(02)E01 or IOS-XE software versions prior to 3.6.01E may allow remote, unauthenticated attackers to retrieve version information on the software release running on the device by accessing the Network Mobility Services Protocol (NMSP) port.

The vulnerability exists due to a failure to properly secure NMSP with authentication, which has been made standard in software release from IOS 15.2(02)E01 and IOS-XE 3.7.0E on. An attacker could exploit earlier software releases to map the network and gather information for further attacks.

Conditions:
Devices running IOS software versions prior to 15.2(02)E01 or IOS-XE versions prior to 3.6.01E.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts