Executive Summary

Title Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability
Name cisco-sa-20170503-cme First vendor Publication 2017-05-03
Vendor Cisco Last vendor Modification 2017-05-03
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.9 Attack Range Adjacent network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 5.5 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges.

The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme"]


iQKBBAEBAgBrBQJZCf96ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkKow//dfUgIr7Rz9pJ45qc 29ryqUM8W0CTN7AAJfZUhcwrvC/Pn7xZHmtJEEj9fxjzyqMueunIrPzI1vO+mmT9 92+bN7Ic0vwvbHZ5Xm9tqQQDYXik3dAqKqLrUTIQDhry/nr2Blj+71WbmbojKumY 7FzbvsigNTehxkhScg88DTtOLGQaM/GQM/VAWv2HjY5u/r7GUrsa/Uzg4E/dnsP3 bEHCQswXoF7ap+121DlvoHca2RKEYD4wdkLEzxvOmojSBPTgbLMUdKPzu1lgYLul J7N7de3bF4NpBQMKRcyyE4UTYQWwOleBunDN9uT6lrrKHfCOorZbVFmXzT/W/U8O rELVGBB1Wv/G2skOVfNz5QwF/ZWqFizcaqQTZOfayXxIwv0E/Igcf329MRhbHFJm 1RnV1hSjNlkfCvWCI4cbuj5zW6RfKQ4jAlL/Mp7PhjElsHTwXG5SfTpckMlJmuaU mwedT+pbxQbKU5thf8RjdKBEm5gItjoKuIO7iROuOKN2EJsJ/SvTekHY0ZW4g38z XdUChpSXOq8ys+xDXmYh16EDdDWVbeWzAio6D/TvK89X8Zcom4rQyGGNK+OtkIaQ QkyZ6Wybt1dRkLw4z4pq/Xv/V0XADTTjFOSStTEZvZCcBusC9hBgw2fP3kYgtBAc MdY5SzgAxRw1T1AXRNdp768H/Hw= =UB28 END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Os 1

Snort® IPS/IDS

Date Description
2017-05-04 Cisco Aironet Mobility Express PnP agent directory traversal attempt
RuleID : 42489 - Revision : 1 - Type : SERVER-OTHER

Alert History

If you want to see full details history, please login or register.
Date Informations
2017-05-25 21:25:13
  • Multiple Updates
2017-05-16 21:24:06
  • Multiple Updates
2017-05-03 21:21:47
  • First insertion