CiscoCISCO-SA-20180502-AIRONET-AUTHCisco Wireless LAN Controller and Aironet Access Points IOS WebAuth Client Authentication Bypass Vulnerability
EPSS
Percentile
35.5%
A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic.
The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. A successful exploit could allow the attacker to bypass authentication and pass traffic.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth”]
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | wireless_lan_controller | any | cpe:2.3:h:cisco:wireless_lan_controller:any:*:*:*:*:*:*:* |
| cisco | aironet_access_point_software | any | cpe:2.3:a:cisco:aironet_access_point_software:any:*:*:*:*:*:*:* |
Related
