Improper input validation in Aironet - CVE-2017-3873
Published: May 5, 2017
Vulnerability identifier: #VU6429
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-3873
CWE-ID: CWE-20
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Aironet
Detailed vulnerability description
The vulnerability allows an adjacent unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists due to insufficient validation of PnP server responses. An adjacent attacker can respond to PnP configuration requests from the affected device, return malicious PnP responses and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability results in arbitrary code execution.
How to mitigate CVE-2017-3873
Install the update from the vendor's website.