Improper authentication in Cisco Aironet 1850 Series Access Points - CVE-2018-0250
Published: May 7, 2018
Vulnerability identifier: #VU12388
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0250
CWE-ID: CWE-287
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Aironet 1850 Series Access Points
Cisco Aironet 1850 Series Access Points
Detailed vulnerability description
The vulnerability allows an adjacent authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to the AP ignoring the ACL download from the client during authentication. An adjacent attacker can connect to the target device with a vulnerable configuration and bypass a configured client FlexConnect ACL.
The weakness exists due to the AP ignoring the ACL download from the client during authentication. An adjacent attacker can connect to the target device with a vulnerable configuration and bypass a configured client FlexConnect ACL.
How to mitigate CVE-2018-0250
Update to versions 8.6(101.0), 8.6(1.12), 8.5(103.0) or 8.5(1.140).