Lucene search

[email protected]CVE-2017-12281

HistoryNov 02, 2017 - 4:29 p.m.

CVE-2017-12281

2017-11-0216:29:00

CWE-287

[email protected]

web.nvd.nist.gov

cisco

aironet

access points

vulnerability

authentication bypass

peap

wlan

flexconnect

nvd

cscvd46314

5.4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.7%

JSON

A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314.

Affected configurations

NVD

Node

ciscoaironet_1800_firmwareMatch-

AND

ciscoaironet_1830eMatch-

ciscoaironet_1830iMatch-

ciscoaironet_1850eMatch-

ciscoaironet_1850iMatch-

Node

ciscoaironet_2800_firmwareMatch-

AND

ciscoaironet_2800eMatch-

ciscoaironet_2800iMatch-

Node

ciscoaironet_3800_firmwareMatch-

AND

ciscoaironet_3800eMatch-

ciscoaironet_3800iMatch-

ciscoaironet_3800pMatch-

CPENameOperatorVersion
cisco:aironet_1800_firmwarecisco aironet 1800 firmwareeq-

CPE	Name	Operator	Version
cisco:aironet_1800_firmware	cisco aironet 1800 firmware	eq	-

CNA Affected

[
  {
    "product": "Cisco Aironet 1800, 2800, and 3800 Series Access Points",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Aironet 1800, 2800, and 3800 Series Access Points"
      }
    ]
  }
]

References

www.securityfocus.com/bid/101649

www.securitytracker.com/id/1039725

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3

5.4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.7%

JSON

Related for CVE-2017-12281

cisco1 prion1 cvelist1 nvd1 openvas1