Cisco Wi-Fi boxes writing 5MB of undeletable data daily • The Register

Cisco Wi-Fi boxes are filling their disks with 5MB of undeletable data every day Fix for critical flaw is an OS update you may not be able to make because the junk data uses all memory

Cisco has disclosed a significant issue affecting over 230 models of its Wi-Fi access points, where devices running specific versions of IOS XE are generating 5MB of nonessential log data daily that cannot be deleted through the command line interface. This accumulation of undeletable data is progressively filling the onboard flash memory of affected devices, potentially preventing them from downloading and installing critical software updates.

The problem stems from an updated library in Cisco IOS XE versions 17.12.4, 17.12.5, 17.12.6, and 17.12.6a. These versions cause access points to generate a log file named cnssdaemon.log that grows by approximately 5MB every day. Cisco warns that "The longer an AP runs the affected software, the higher the probability that a software download will fail due to insufficient disk space."

What makes this situation particularly problematic is the catch-22 Cisco describes: the obvious solution is to update to a version of IOS XE that doesn't write the problematic log file, but if your Wi-Fi access point has already filled its flash storage with this junk data, it may not have enough internal storage space to hold the updated operating system. In such cases, Cisco warns users could end up with a bootloop, rendering their access points unusable.

The networking giant has published an advisory that includes a procedure to test for the presence of the offending IOS XE releases and provides instructions on how to resolve the issue. The advisory comprehensively lists over 230 models of Cisco access points that run the affected versions of IOS XE, giving administrators a clear roadmap for identifying vulnerable devices in their networks.

This situation highlights the importance of maintaining accurate and up-to-date inventories of network infrastructure. Cisco's advisory implicitly acknowledges that many organizations may not have detailed records of their access point fleets, noting that administrators who lack this information "doubtless inherited a mess from a slovenly predecessor and now get to be the hero who tidies things up."

The issue adds to Cisco's recent challenges in the networking space, coming amid other developments including the company's exploration of titanium spoons and sand dunes for building better hardware, plans to release a home-brew hypervisor as a VMware alternative, price hikes to cover memory cost increases, and challenges to Broadcom and Nvidia with a 102.4T switch.

For IT administrators managing Cisco Wi-Fi infrastructure, this advisory serves as a critical reminder to regularly audit network devices, maintain current software versions, and ensure adequate monitoring of storage utilization on network equipment. The inability to delete log files through standard CLI commands also raises questions about the design of the affected IOS XE versions and the importance of including proper log management and cleanup mechanisms in network operating systems.

The timing of this disclosure is particularly relevant as organizations continue to rely heavily on wireless infrastructure for their operations. With the increasing adoption of IoT devices, cloud services, and remote work arrangements, Wi-Fi networks have become mission-critical infrastructure that requires careful management and maintenance.

Administrators are advised to immediately check their Cisco access point inventory against the list provided in Cisco's advisory and begin planning remediation efforts. Those with affected devices should prioritize testing for the problematic IOS XE releases and follow Cisco's prescribed procedures for resolution before the accumulation of undeletable log data prevents necessary software updates from being installed.

This incident also serves as a broader lesson for network equipment manufacturers about the importance of robust testing for storage management and the potential consequences of seemingly minor issues that can cascade into major operational problems when they affect large numbers of devices across enterprise networks worldwide.