Cisco: CISCO-SA-20160606-AAP
Jun 06, 2016 - 8:00 a.m.

Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability

2016-06-06 08:00:00
tools.cisco.com

CVSS2: 7.2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 5.1%

A vulnerability in the command-line interpreter of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an authenticated, local attacker to inject commands in the Linux shell. The commands could be executed with root-level privileges.

The vulnerability is due to improper sanitization of user-supplied input for parameters of command-line interface (CLI) commands. An attacker could exploit this vulnerability by authenticating to the affected device and executing a subset of CLI commands with crafted input for those parameters. A successful exploit could allow the attacker to execute Linux shell commands with root-level privileges on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160606-aap

Affected configurations

Vulners
Node: cisco aironet_access_point_software (match: any) OR cisco aironet_access_point_software (match: any)

Vendor: cisco
Product: aironet_access_point_software
Version: any
CPE: cpe:2.3:a:cisco:aironet_access_point_software:any:*:*:*:*:*:*:*
