This vulnerability affects only Cisco 1560, 1800, 2800, and 3800 Series Access Points that are running a vulnerable release of Cisco Mobility Express (ME) Software. For information about affected software releases, consult the Cisco bug ID(s) at the top of this advisory.
Determining the Cisco Mobility Express Software Release
To determine which Cisco Mobility Express Software release is running on a device, administrators can use the web interface or the CLI of the device.
To use the web interface, do the following:
- Log in to the web interface
- Choose System Software > Software Upgrade
- Refer to the value in the System Software Version field
To use the CLI, log in to the AP through a Telnet or an SSH session, issue the show version command, and then refer to the command output. The following example shows the command output for a Cisco Aironet 1852i Access Point that is running Cisco Mobility Express Software Release 220.127.116.11:
AP# show version
cisco AIR-AP1852I-UXK9 ARMv7 Processor rev 0 (v71) with 997184/525160K bytes of memory.
Processor board ID RFDP2BCR021
AP Running Image : 18.104.22.168
Primary Boot Image : 22.214.171.124
Backup Boot Image : 126.96.36.199
AP Image type : MOBILITY EXPRESS IMAGE
AP Configuration : MOBILITY EXPRESS CAPABLE
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following Cisco products:
- Small Business 100 Series Access Points
- Small Business 300 Series Access Points
- Small Business 500 Series Access Points
- Aironet 1540 Series Access Points
Note: The Cisco Aironet 1550 Series Outdoor Access Point was not investigated because it has entered the end-of-life process. Refer to the End-of-Sale and End-of-Life Announcement for the Cisco Aironet 1550 Series Outdoor Access Point for additional information.