CVE-2017-3834
published 2017-04-06CVE-2017-3834: A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an…
PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.46%
90.2th percentile
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | aironet_1830_series_and_1850_series_access_points_mobility_express_default_crede | — | — |
| cisco | aironet_access_point_firmware | — | — |
| cisco | aironet_access_point_firmware | — | — |
| cisco | aironet_access_point_firmware | — | — |
| cisco | aironet_access_point_firmware | — | — |
| cisco | aironet_access_point_firmware | — | — |
| cisco | aironet_access_point_firmware | — | — |
| cisco | aironet_access_point_firmware | — | — |
| cisco | aironet_access_point_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated or anomalous SSH login attempts to Cisco Aironet 1830/1850 Series Access Points running Cisco Mobility Express Software 8.2.x prior to 8.2.111.0, particularly logins with elevated privileges using default credentials. ↗
- →The vulnerability exists regardless of device role (master, subordinate, or standalone access point), so detection should cover all deployment modes of affected Mobility Express devices. ↗
- →Scope detection to Cisco Mobility Express Software 8.2.x releases prior to 8.2.111.0, as Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. ↗
- ·The vulnerability is due to hardcoded/default credentials present in Cisco Mobility Express Software on affected devices; exploitation requires only layer 3 network connectivity to the device — no prior authentication needed. ↗
- ·There are no workarounds available for this vulnerability; the only remediation is upgrading to Cisco Mobility Express Software Release 8.2.111.0 or later. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c6vq-6rwf-mq8q: A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauth
ghsa_unreviewed·2022-05-13
CVE-2017-3834 [CRITICAL] CWE-1188 GHSA-c6vq-6rwf-mq8q: A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauth
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are run
Cisco
Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
vendor_cisco·2017-04-05·CVSS 9.8
CVE-2017-3834 [CRITICAL] CWE-255 Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device.
The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device.
Cisco
Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-3834 Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
CVE-2017-3834: Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/97422http://www.securitytracker.com/id/1038181https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-amehttp://www.securityfocus.com/bid/97422http://www.securitytracker.com/id/1038181https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame
2017-04-06
Published