Guest

Preview Tool

Cisco Bug: CSCup92277 - Controller responds to SYN-FIN scans

Last Modified

Sep 12, 2019

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

7.6(120.0)

Description (partial)

Symptom:
Cisco Wireless LAN Controllers (WLC) respond to a TCP packet that has both the SYN and RST flags set with a SYN packet.

This behavior could be leveraged to bypass firewall rules on devices that are in front of the Cisco WLC and do not properly filter such packets.  Best 
practices dictate that such a request should be silently dropped and the state of the TCP port unchanged.

Conditions:
Cisco Wireless LAN Controllers running an affected version of Cisco WLC Software.

Related Community Discussions

8.0 MR1 Beta Availability
8.0.102.x Available - 8.0MR1 Beta 8.0MR2 is now in beta; see https://supportforums.cisco.com/document/12492986/80mr2-beta-availability .   December 22 Final build posted to CCO. 8.0.110.0, beta is closed Thanks for your interest!   Support For any new issue during this test, please write to wnbu-mrbeta@external.cisco.com, pre-existing problems would be directed through normal TAC support channels, the image is TAC supported until CCO release of final code   Image types AS_5500* can be used for Wism2/2500/5500 ...
Latest activity: Dec 09, 2014
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.