Lucene search

CiscoCVE-2017-12281

HistoryNov 02, 2017 - 4:29 p.m.

CVE-2017-12281

2017-11-0216:29:00

CWE-287

cisco

web.nvd.nist.gov

cisco

aironet

access points

vulnerability

authentication bypass

peap

wlan

flexconnect

nvd

cscvd46314

CVSS2

5.4

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

43.7%

JSON

A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314.

Affected configurations

Nvd

Node

ciscoaironet_1800_firmwareMatch-

AND

ciscoaironet_1830eMatch-

ciscoaironet_1830iMatch-

ciscoaironet_1850eMatch-

ciscoaironet_1850iMatch-

Node

ciscoaironet_2800_firmwareMatch-

AND

ciscoaironet_2800eMatch-

ciscoaironet_2800iMatch-

Node

ciscoaironet_3800_firmwareMatch-

AND

ciscoaironet_3800eMatch-

ciscoaironet_3800iMatch-

ciscoaironet_3800pMatch-

VendorProductVersionCPE
ciscoaironet_1800_firmware-cpe:2.3:o:cisco:aironet_1800_firmware:-:*:*:*:*:*:*:*
ciscoaironet_1830e-cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*
ciscoaironet_1830i-cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*
ciscoaironet_1850e-cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*
ciscoaironet_1850i-cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*
ciscoaironet_2800_firmware-cpe:2.3:o:cisco:aironet_2800_firmware:-:*:*:*:*:*:*:*
ciscoaironet_2800e-cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*
ciscoaironet_2800i-cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*
ciscoaironet_3800_firmware-cpe:2.3:o:cisco:aironet_3800_firmware:-:*:*:*:*:*:*:*
ciscoaironet_3800e-cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	aironet_1800_firmware	-	cpe:2.3:o:cisco:aironet_1800_firmware:-:::::::*
cisco	aironet_1830e	-	cpe:2.3:h:cisco:aironet_1830e:-:::::::*
cisco	aironet_1830i	-	cpe:2.3:h:cisco:aironet_1830i:-:::::::*
cisco	aironet_1850e	-	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
cisco	aironet_1850i	-	cpe:2.3:h:cisco:aironet_1850i:-:::::::*
cisco	aironet_2800_firmware	-	cpe:2.3:o:cisco:aironet_2800_firmware:-:::::::*
cisco	aironet_2800e	-	cpe:2.3:h:cisco:aironet_2800e:-:::::::*
cisco	aironet_2800i	-	cpe:2.3:h:cisco:aironet_2800i:-:::::::*
cisco	aironet_3800_firmware	-	cpe:2.3:o:cisco:aironet_3800_firmware:-:::::::*
cisco	aironet_3800e	-	cpe:2.3:h:cisco:aironet_3800e:-:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Cisco Aironet 1800, 2800, and 3800 Series Access Points",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Aironet 1800, 2800, and 3800 Series Access Points"
      }
    ]
  }
]

References

www.securityfocus.com/bid/101649

www.securitytracker.com/id/1039725

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3

CVSS2

5.4

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

43.7%

JSON

Related for CVE-2017-12281