CVE-2017-3831

CWE-264CWE-287Improper Authentication4 documents4 sources
Severity
9.8CRITICAL
EPSS
6.1%
top 9.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Aironet Access Point Software
Timeline
PublishedMar 15
Latest updateMay 13

Description

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit coul

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco_mobility_express_1800_access_point_seriesCisco Mobility Express 1800 Access Point Series

🔴Vulnerability Details

2
GHSA
GHSA-p3g2-f65q-g6rx: A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass aut2022-05-13
CVEList
CVE-2017-3831: A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass aut2017-03-15

📋Vendor Advisories

1
Cisco
Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability2017-03-15
CVE-2017-3831 (CRITICAL CVSS 9.8) | A vulnerability in the web-based GU | cvebase.io