Risk | Low |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2018-0247, CVE-2018-0234, CVE-2018-0250, CVE-2018-0249 |
CWE-ID | CWE-287, CWE-20, CWE-19 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Cisco Aironet 3700 Series (Hardware solutions / Routers & switches, VoIP, GSM, etc); Cisco Aironet 1850 Series Access Points (Hardware solutions / Routers & switches, VoIP, GSM, etc) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU12373
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0247
CWE-ID: CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows an adjacent unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An adjacent attacker can bypass authentication and send traffic to local network resources without having gone through authentication.
Mitigation
Update Cisco 5500 Series Wireless Controllers to 15.3(3)JF, 15.3(3)JE, 15.3(3)JD7, 15.3(3)JD5, 15.3(3)JC7, 8.5(103.0), 8.5(1.79), 8.5(1.78), 8.4(100.0), 8.4(2.65), 8.3(121.0), 8.3(114.29), 8.2(160.0), 8.2(154.27) or 8.2(154.23), or Cisco Aironet 3700 Series to 15.3(3)JG, 15.3(3)JF2, 15.3(3)JD13, 8.7(102.0), 8.7(1.54), 8.7(1.52), 8.6(101.0), 8.6(1.144), 8.6(1.143), 8.5(110.0), 8.5(107.77), 8.3(140.0), 8.3(134.25) or 8.2(167.9).
Vulnerable software versions
Cisco Aironet 3700 Series: 8.3.104.105 - 8.5.107.52
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12387
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0234
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.
The weakness exists in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected access point. A remote attacker can initiate a PPTP connection to an affected access point from a device that is registered to the same wireless network as the access point and send a malicious GRE frame through the data plane of the access point, causing the service to crash.
Mitigation
Update to versions 8.7(102.0), 8.7(1.24), 8.6(101.0), 8.6(1.108), 8.5(110.0), 8.5(107.37) or 8.5(103.9).
Vulnerable software versions
Cisco Aironet 1850 Series Access Points: 8.4.100.0 - 8.5.103.0
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12388
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0250
CWE-ID: CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows an adjacent authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to the AP ignoring the ACL download from the client during authentication. An adjacent attacker can connect to the target device with a vulnerable configuration and bypass a configured client FlexConnect ACL.
Mitigation
Update to versions 8.6(101.0), 8.6(1.12), 8.5(103.0) or 8.5(1.140).
Vulnerable software versions
Cisco Aironet 1850 Series Access Points: 8.2.160.0 - 8.7.1.3
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12390
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0249
CWE-ID: CWE-19 - Data Handling
Exploit availability: No
Description
The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition on the target system.
The weakness exists due to incorrect handling of malformed or invalid 802.11 Association Requests. An adjacent attacker can send a specially crafted stream of 802.11 Association Requests to the local interface and cause the service to crash.
Mitigation
Update to versions 8.7(102.0), 8.7(1.30), 8.6(101.0), 8.6(1.117), 8.5(110.0), 8.5(107.49), 8.3(140.0), 8.3(134.8), 8.3(130.5) or 8.2(163.7).
Vulnerable software versions
Cisco Aironet 1850 Series Access Points: 8.2.161.0
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.