Cisco released hotfix and statement
an3k opened this issue · 1 comments
Hotfix:
WAP4410N - http://software.cisco.com/download/release.html?mdfid=282414137&flowid=6785&softwareid=282463166&release=2.0.7.4&relind=AVAILABLE&rellifecycle=&reltype=latest
WRVS4400N - http://software.cisco.com/download/release.html?mdfid=282414016&softwareid=282487380&release=2.0.2.2&relind=AVAILABLE&rellifecycle=&reltype=latest
RVS4000 - not yet released, will be available at http://software.cisco.com/download/release.html?mdfid=282414013&softwareid=282465789&release=2.0.3.2&relind=AVAILABLE&rellifecycle=&reltype=latest
Statement:
http://www.cisco.com/en/US/products/csa/cisco-sa-20140110-sbd.html
WAP4410N and WRVS4400N are NO LONGER vulnerable. RVS4000 is still vulnerable but firmware update will be released soon.
I forgot to thank you :)
I reviewed the WAP4410N fix and it correctly fix the backdoor, scfgmgr now only accept connexions from localhost.