Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-9196

A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1).

Published

2017-04-07T17:59:00.230

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco aironet_access_point 8.1\(15.14\) Yes
Operating System cisco aironet_access_point 8.1\(112.3\) Yes
Operating System cisco aironet_access_point 8.1\(112.4\) Yes
Operating System cisco aironet_access_point 8.1\(131.0\) Yes
Operating System cisco aironet_access_point 8.2\(100.0\) Yes
Operating System cisco aironet_access_point 8.2\(102.43\) Yes
Operating System cisco aironet_access_point 8.2_base Yes
Hardware cisco aironet_1800 - No
Hardware cisco aironet_2800e - No
Hardware cisco aironet_2800i - No
Hardware cisco aironet_3800e - No
Hardware cisco aironet_3800i - No
Hardware cisco aironet_3800p - No
References