'[c-nsp] Cisco Security Advisory: Cisco Mobility Express 1800 Access Point Series Authentication Bypa'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cisco-nsp
Subject:    [c-nsp] Cisco Security Advisory: Cisco Mobility Express 1800 Access Point Series Authentication Bypa
From:       psirt () cisco ! com
Date:       2017-03-15 16:02:26
Message-ID: 201703151602.8.ap1800
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Mobility Express 1800 Access Point Series \
Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20170315-ap1800

Revision: 1.0

For Public Release: 2017 March 15 16:00 GMT

Last Updated: 2017 March 15 16:00 GMT

CVE ID(s): CVE-2017-3831

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access \
Points could allow an unauthenticated, remote attacker to bypass authentication. The \
attacker could be granted full administrator privileges.

The vulnerability is due to improper implementation of authentication for accessing \
certain web pages using the GUI interface. An attacker could exploit this \
vulnerability by sending a crafted HTTP request to the web interface of the affected \
system. A successful exploit could allow the attacker to bypass authentication and \
perform unauthorized configuration changes or issue control commands to the affected \
device.

Cisco has released software updates that address this vulnerability. There are no \
workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800 \
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800"]

-----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJYyWWBZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlvtxAA20Aufg/w2bAsLWks
nrc2gUsx8ZfpKwm1IyZbxvvAvk/CKqVpzycMOZQFnlauMp4nSVSA1DrIYnwGxgS9
nW3Gt1yk5J6JlvTTYFCmjcJnqo8dnC9UGs4eKsapCIHEyiOMyWuwk3LNbIVCk9G/
ymtCDf4cv+3380hqJpEOl/tsygmVWtmDAxVWiObX72N2y7XIQwUpGgteHU+ZMn15
kliO/Odtzi6q9qlR6oEMtdoTNEx3+2mDH9hU0snHLBEs66eITmTbYRTuHOw9YiiJ
fS83QMzh3d8WsXmK+d4w0gOzvcBznObCt7gIvBo+54asza7kohCMcM1uNQlzg3cT
6j9Fq2/fQTWNRqdDmfF4OHZObR7gHIh9rCNC6jEyf4qtOIrK+MuXRVrxiHW+jUW9
hZ1w/CInZtBSiKsndwA9AJkgaza8anyASjPhOJ0oIMkVoxSndieA3kqcYyixKs8N
7Sl+CLp19QyffeN7SbVSeedefs29VCOrnTmHUT9qIh13/vMlcYUGyHFIhUsTs1Yq
FDtjMIAST+bRime9dUpC3bNubSwLz1JuHD2AT/IWPMkCKSQVvd7f+vY+Urur+i96
6PR5oizd/gP6RKL/78wp7DOGCt1ztclmpIdFBxj1LwH5KKP/lBTjvK54NUsUkoL+
+CvKEPjezdvugZOOoo6K2VXf4QY=
=Xeal
-----END PGP SIGNATURE-----

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[prev in list] [next in list] [prev in thread] [next in thread] 