Cisco Cisco Aironet 1130 AG Access Point Notas de publicación
21
Release Notes for Cisco Aironet Access Points for Cisco IOS Release 12.3(8)JEA
OL-11186-01
Caveats
•
CSCsd28570—tclsh bypass of AAA authorization commands
A vulnerability exists within the Cisco IOS Authentication, Authorization, and Accounting (AAA)
command authorization feature, where command authorization checks are not performed on
commands executed from the Tool Command Language (TCL) exec shell. This may allow
authenticated users to bypass command authorization checks in some configurations resulting in
unauthorized privilege escalation.
command authorization feature, where command authorization checks are not performed on
commands executed from the Tool Command Language (TCL) exec shell. This may allow
authenticated users to bypass command authorization checks in some configurations resulting in
unauthorized privilege escalation.
Conditions: Devices that are not running AAA command authorization feature, or do not support
TCL functionality are not affected by this vulnerability. This vulnerability is present in all versions
of Cisco IOS that support the tclsh command.
TCL functionality are not affected by this vulnerability. This vulnerability is present in all versions
of Cisco IOS that support the tclsh command.
Workaround: This advisory with appropriate workarounds is posted at
Please refer to the Advisories "Software Versions and Fixes" table for the first fixed release of Cisco
IOS software.
IOS software.
•
CSCsd38260—WPA-PSK is no longer corrupted when entered in the GUI
•
CSCsd42555—WPAv2 EAP authentication is no longer bypassed when switching SSIDs and PMK
is cached
is cached
•
CSCsd44753—Non root bridge no longer crashes when another non root bridge associates to a root
bridge or unconfigured VLAN from root bridge
bridge or unconfigured VLAN from root bridge
•
CSCsd54748—EAP-FAST with local radius no longer fails with usernames having more than 12
characters
characters
•
CSCsd61537—A log message now appears when a server assigns a station to an invalid VLAN
•
CSCsd70791—Access point with layer 3 mobility no longer logs %SYS-2-GETBUF: Bad getbuffer
message
message
•
CSCsd71438—dot11_mgmt_assoc_resp_msg_proc: null or zero len ssid message no longer appears
in the syslog when no debug is turned on
in the syslog when no debug is turned on
•
CSCsd82624—WPA clients now reauthenticate when card is restarted
•
CSCse00415—1240 series access point FastEthernet interface no longer stops responding to traffic
•
CSCse02560—Access point no longer reloads unexpectedly crashes on Process WLCCP AP
Traceback= 4DD1E0
Traceback= 4DD1E0
•
CSCse32424—Workgroup bridge no longer drops static bridge entry
•
CSCse47627—Unexpected configuration downgrades no longer occur on no power client local
command
command
•
CSCsb99881—DFS is disabled for Taiwan until future release
An AP12xx device using an RM21 or RM22 radio configured for operation in Taiwan will
automatically select the operational channel and will not allow manual channel configuration.
Attempting to configure the channel will result in the following message being displayed on the
console:
automatically select the operational channel and will not allow manual channel configuration.
Attempting to configure the channel will result in the following message being displayed on the
console:
Dynamic Frequency Selection (DFS) requires automatic channel configuration on
interface Dot11Radio1
This only applies to access points using an RM21 or RM22 radio configured for Taiwan, and with
IOS version 12.3(7) or later. This operation is by design, and will be required by all 802.11a access
points in Taiwan beginning sometime in 2006. However, it is not a current requirement, but was
inadvertently enabled for Taiwan.
IOS version 12.3(7) or later. This operation is by design, and will be required by all 802.11a access
points in Taiwan beginning sometime in 2006. However, it is not a current requirement, but was
inadvertently enabled for Taiwan.