Multiple vulnerabilities in Cisco Aironet



Published: 2018-05-07
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2018-0247
CVE-2018-0234
CVE-2018-0250
CVE-2018-0249
CWE-ID CWE-287
CWE-20
CWE-19
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Cisco Aironet 3700 Series
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Aironet 1850 Series Access Points
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper authentication

EUVDB-ID: #VU12373

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-0247

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows an adjacent unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An adjacent attacker can send traffic to local network resources without having gone through authentication, bypass authentication and pass traffic.

Mitigation

Update Cisco 5500 Series Wireless Controllers to 15.3(3)JF15.3(3)JE, 15.3(3)JD7, 15.3(3)JD5, 15.3(3)JC7, 8.5(103.0), 8.5(1.79), 8.5(1.78), 8.4(100.0), 8.4(2.65), 8.3(121.0), 8.3(114.29), 8.2(160.0), 8.2(154.27) or 8.2(154.23) or Cisco Aironet 3700 Series to 15.3(3)JG15.3(3)JF2, 15.3(3)JD13, 8.7(102.0), 8.7(1.54), 8.7(1.52), 8.6(101.0), 8.6(1.144), 8.6(1.143), 8.5(110.0), 8.5(107.77), 8.3(140.0), 8.3(134.25) or 8.2(167.9).










  

Vulnerable software versions

Cisco Aironet 3700 Series: 8.3.104.105 - 8.5.107.52


CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Improper input validation

EUVDB-ID: #VU12387

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-0234

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected access point. A remote attacker can initiate a PPTP connection to an affected access point from a device that is registered to the same wireless network as the access point and sending a malicious GRE frame through the data plane of the access point and cause the service to crash.

Mitigation

Update to versions 8.7(102.0), 8.7(1.24), 8.6(101.0), 8.6(1.108), 8.5(110.0), 8.5(107.37) or 8.5(103.9).

Vulnerable software versions

Cisco Aironet 1850 Series Access Points: 8.4.100.0 - 8.5.103.0


CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Improper authentication

EUVDB-ID: #VU12388

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-0250

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions on the target system.

The weakness exists due to the AP ignoring the ACL download from the client during authentication. An adjacent attacker can connect to the target device with a vulnerable configuration and bypass a configured client FlexConnect ACL.

Mitigation

Update to versions 8.6(101.0), 8.6(1.12), 8.5(103.0) or 8.5(1.140).

Vulnerable software versions

Cisco Aironet 1850 Series Access Points: 8.2.160.0 - 8.7.1.3


CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Data handling

EUVDB-ID: #VU12390

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-0249

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows an adjacent unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to incorrect handling of malformed or invalid 802.11 Association Requests. An adjacent attacker can send a specially crafted stream of 802.11 Association Requests to the local interface and cause the service to crash.

Mitigation

Update to versions 8.7(102.0), 8.7(1.30), 8.6(101.0), 8.6(1.117), 8.5(110.0), 8.5(107.49), 8.3(140.0), 8.3(134.8), 8.3(130.5) or 8.2(163.7).

Vulnerable software versions

Cisco Aironet 1850 Series Access Points: 8.2.161.0


CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###