Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-3834

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691.

Published

2017-04-06T18:59:00.323

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-255
Type: Primary
CWE-1188

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	aironet_access_point_firmware	8.2.100.0	Yes
Operating System	cisco	aironet_access_point_firmware	8.2.102.43	Yes
Operating System	cisco	aironet_access_point_firmware	8.2.102.139	Yes
Operating System	cisco	aironet_access_point_firmware	8.2.111.0	Yes
Operating System	cisco	aironet_access_point_firmware	8.2.121.12	Yes
Operating System	cisco	aironet_access_point_firmware	8.2.130.0	Yes
Operating System	cisco	aironet_access_point_firmware	90.57	Yes
Operating System	cisco	aironet_access_point_firmware	102.0	Yes
Hardware	cisco	aironet_1830i_access_point	-	No
Hardware	cisco	aironet_1850e_access_point	-	No
Hardware	cisco	aironet_1850i_access_point	-	No

References

http://www.securityfocus.com/bid/97422 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1038181 Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/97422 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038181 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)