CVE-2023-35803 mitigation?

fran1942
New Contributor II

Hello, until we get the firmware upgraded, what sort of AP firewall policy is required to mitigate this vulnerability? I.e. inbound/outbound? Blocking port 5916?

CVE-2023-35803

Thank you kindly

1 ACCEPTED SOLUTION

LaurentA
New Contributor II

Hi,

According to the researcher's blog and exploit code, the attacker needs to connect to the AP over port TCP/5916.
A quick workaround should be to block this port for everyone (using the Firewall in User-Profiles for Wi-Fi users, and using classic LAN segmentation for the wired users).
Regards,


6 REPLIES

fran1942
New Contributor II

Thank you. Would that be an inbound or outbound policy to block TCP 5916?

LaurentA
New Contributor II

Hi,
In all your wireless User-Profiles, in the Firewall "Outbound Policy", you should block connections to port TCP/5916 by creating a "Deny" rule on top.
This will prevent attacks from wireless users (for the wired ones, rely on your corporate firewall, as long as the APs are in an isolated network).
To ensure the port is not reachable anymore, you can use the Microsoft PowerShell "Test-NetConnection" cmdlet.
For example, if your Access Point IP address is 10.0.0.10, you can use the following PowerShell command:
tnc 10.0.0.10 -port 5916
The "TcpTestSucceeded" result should be "false".

Regards,
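
The check described in the reply above, extended to a list of access points; this is an added example and not part of the original post. The AP addresses other than 10.0.0.10 are constructed samples, and the status labels are this example's own. It separates "port blocked" from "AP not reachable at all", since both give TcpTestSucceeded = False.

```powershell
# Added example: verify that TCP/5916 is no longer reachable on each AP.
# Run it from a client in every wireless user profile (and every wired
# segment) that must not be able to reach the port.

$AccessPoints = @('10.0.0.10', '10.0.0.11', '10.0.0.12')  # constructed sample list
$Port = 5916

$results = foreach ($ap in $AccessPoints) {
    # When the TCP connection fails, Test-NetConnection falls back to a ping
    # and fills in PingSucceeded, which tells us whether the AP is up at all.
    $r = Test-NetConnection -ComputerName $ap -Port $Port -WarningAction SilentlyContinue

    $status = if ($r.TcpTestSucceeded) {
        'EXPOSED'        # the Deny rule is missing or not applied to this profile
    } elseif ($r.PingSucceeded) {
        'Blocked'        # AP answers ICMP but the port is filtered or closed
    } else {
        'Inconclusive'   # AP unreachable or ICMP filtered: retest from another client
    }

    [pscustomobject]@{
        AccessPoint      = $ap
        Port             = $Port
        TcpTestSucceeded = $r.TcpTestSucceeded
        PingSucceeded    = $r.PingSucceeded
        Status           = $status
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring job flag exposure.
if ($results.Status -contains 'EXPOSED') {
    Write-Warning "TCP/$Port is still reachable on at least one access point."
    exit 1
}
```

An "Inconclusive" row is not evidence that the rule works: the AP may simply be offline or ICMP may be filtered on that path.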

fran1942
New Contributor II

Thank you. So an 'outbound' policy controls traffic coming into the AP from wireless users?
