Vulnerability identifier: #VU12388

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0250

CWE-ID: CWE-287

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Cisco Aironet 1850 Series Access Points
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Cisco Systems, Inc

Description
The vulnerability allows an adjacent authenticated attacker to bypass security restrictions on the target system.

The weakness exists due to the AP ignoring the ACL download from the client during authentication. An adjacent attacker can connect to the target device with a vulnerable configuration and bypass a configured client FlexConnect ACL.

Mitigation
Update to versions 8.6(101.0), 8.6(1.12), 8.5(103.0) or 8.5(1.140).

Vulnerable software versions

Cisco Aironet 1850 Series Access Points: 8.2.160.0 - 8.7.1.3

---

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.