CVE-2018-0250

CWE-6934 documents4 sources

Severity

4.1MEDIUM

EPSS

0.2%

top 58.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Aironet Access Point Software

Timeline

PublishedMay 2

Latest updateMay 13

Description

A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A suc…

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:NExploitability: 2.3 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/aironet_access_point_software8.2\(160.0\), 8.4\(100.0\), 8.7\(1.3\)+2

▶CVEListV5cisco_aironet_access_pointsCisco Aironet Access Points

🔴Vulnerability Details

GHSA

GHSA-wq5x-gxqv-3rgf: A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800,↗2022-05-13

▶

CVEList

CVE-2018-0250: A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800,↗2018-05-02

▶

📋Vendor Advisories

Cisco

Cisco Aironet Access Points Central Web Authentication FlexConnect Client ACL Bypass Vulnerability↗2018-05-02

▶