Executive Summary

Title Cisco Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability
Name cisco-sa-20180502-aironet-ssh First vendor Publication 2018-05-02
Vendor Cisco Last vendor Modification 2018-05-02
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score 6 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affected access point.

The vulnerability exists because the Cisco Mobility Express controller of the affected software configures the default SSH user account for an access point to be the first SSH user account that was created for the Mobility Express controller, if an administrator added user accounts directly to the controller instead of using the default configuration or the SSH username creation wizard. Although the user account has read-only privileges for the Mobility Express controller, the account could have administrative privileges for an associated access point. An attacker who has valid user credentials for an affected controller could exploit this vulnerability by using the default SSH user account to authenticate to an affected access point via SSH. A successful exploit could allow the attacker to log in to the affected access point with administrative privileges and perform arbitrary administrative actions.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-ssh ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-ssh"]


iQJ5BAEBAgBjBQJa6eEmXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczwkkQALAoKh0KFDQxRuqNnPXWDtmvWS0X 5RqSTQ1oPA2gn7YQvEYVUf+tmUg7B2FOXDrI30dxoWFlspIVtgH26DZG0237xxUi No6lm+2B+MskcZVfAeM0G8aYfyC2sZaPtr4gal6okwD382dtnpNDanv9ifcdvWPQ kDiQE3EiY5zdHcnSmV/a1lXO8oapcQP4q4yODs+RvJRXnXJVROleBNoBI5V2SJeU C3T4crJvGoUTc8wESkCCGU/K4Fsybzaz7T+HLr9KFMekimSSDrNQIMmuVdT06t+U gQ6hCP2wCCHMUCs4hAciAe85BnFp5ERmwzVLTlbAw6MV1NTTS0d4cGGAlNEcxLi6 MI5M9+Ou9kg67aXKkc8OSZltzXz+RECeqHp/QxWD4NLk0Q85/hVzyg9ixUGeAyfi nMRoR6I9uVPgg2sOLg0k7wh9/oEQPoC6j2cDueCcOhLUOpU56ln9rSqaFTCGNMk3 9ja1RUEb/kyoVeZVF/yzU60kFQi1tHqO1ThTSui9kO46d5f/ujxXdmIFnnMzpB2l PKxonYP6tzx1PCLZ7WKU4wfZc0p7MaPNfeZ3HcKYRzZGW5EhyfLf5bMKsgFJWOob 3Qw+meXgMegSBLdlO0fWoYwmXlpkWwJ4I5YxmDQUdMgXlNaiq1NCGXiBvnXkkW7S BgtRsKzdnIAlYpko =WrBB END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CPE : Common Platform Enumeration

Os 2

Nessus® Vulnerability Scanner

Date Description
2018-05-11 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20180502-wlc-mfdos.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2018-06-13 17:21:13
  • Multiple Updates
2018-05-03 05:19:52
  • Multiple Updates
2018-05-02 21:20:41
  • First insertion