Details of VAR-201704-0648

ID

VAR-201704-0648

CVE

CVE-2017-3834

TITLE

plural Cisco Aironet Run on device Cisco Mobility Express Vulnerabilities related to certificate and password management in software

Trust: 0.8

sources: JVNDB: JVNDB-2017-003019

DESCRIPTION

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691. Vendors have confirmed this vulnerability Bug ID CSCva50691 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. The former is a router; the latter is a wireless access point product

Trust: 2.52

sources: NVD: CVE-2017-3834 // JVNDB: JVNDB-2017-003019 // CNVD: CNVD-2017-05526 // BID: 97422 // VULHUB: VHN-112037

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-05526

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet access point	scope:	eq	version:	102.0	Trust: 1.6
vendor:	cisco	model:	aironet access point	scope:	eq	version:	90.57	Trust: 1.6
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2.102.139	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2.111.0	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2.102.43	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2.100.0	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2.121.12	Trust: 1.0
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2.130.0	Trust: 1.0
vendor:	cisco	model:	mobility express software	scope:	eq	version:	8.2	Trust: 0.9
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18508.2	Trust: 0.9
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18308.2	Trust: 0.9
vendor:	cisco	model:	aironet access point software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2\(130.0\)	Trust: 0.6
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2\(111.0\)	Trust: 0.6
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2\(102.43\)	Trust: 0.6
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2\(102.139\)	Trust: 0.6
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2\(100.0\)	Trust: 0.6
vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.2\(121.12\)	Trust: 0.6
vendor:	cisco	model:	mobility express software	scope:	ne	version:	8.2.121.0	Trust: 0.3
vendor:	cisco	model:	mobility express software	scope:	ne	version:	8.2.111.0	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.2.111.0	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18308.2.111.0	Trust: 0.3

sources: CNVD: CNVD-2017-05526 // BID: 97422 // JVNDB: JVNDB-2017-003019 // CNNVD: CNNVD-201704-278 // NVD: CVE-2017-3834

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3834
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-3834
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-05526
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-278
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-112037
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-3834
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-05526
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-112037
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3834
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2017-3834
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-05526 // VULHUB: VHN-112037 // JVNDB: JVNDB-2017-003019 // CNNVD: CNNVD-201704-278 // NVD: CVE-2017-3834

PROBLEMTYPE DATA

problemtype:	CWE-255	Trust: 1.9
problemtype:	CWE-1188	Trust: 1.0

sources: VULHUB: VHN-112037 // JVNDB: JVNDB-2017-003019 // NVD: CVE-2017-3834

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-278

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201704-278

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003019

PATCH

title:	cisco-sa-20170405-ame	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame	Trust: 0.8
title:	CiscoMobilityExpressSoftware default credential security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/92872	Trust: 0.6
title:	Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points Mobility Express Software Repair measures for trust management vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70119	Trust: 0.6

sources: CNVD: CNVD-2017-05526 // JVNDB: JVNDB-2017-003019 // CNNVD: CNNVD-201704-278

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3834	Trust: 3.4
db:	BID	id:	97422	Trust: 2.6
db:	SECTRACK	id:	1038181	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-003019	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-278	Trust: 0.7
db:	CNVD	id:	CNVD-2017-05526	Trust: 0.6
db:	VULHUB	id:	VHN-112037	Trust: 0.1

sources: CNVD: CNVD-2017-05526 // VULHUB: VHN-112037 // BID: 97422 // JVNDB: JVNDB-2017-003019 // CNNVD: CNNVD-201704-278 // NVD: CVE-2017-3834

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-ame	Trust: 2.6
url:	http://www.securityfocus.com/bid/97422	Trust: 1.7
url:	http://www.securitytracker.com/id/1038181	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3834	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3834	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-05526 // VULHUB: VHN-112037 // BID: 97422 // JVNDB: JVNDB-2017-003019 // CNNVD: CNNVD-201704-278 // NVD: CVE-2017-3834

CREDITS

Cisco

Trust: 0.3

sources: BID: 97422

SOURCES

db:	CNVD	id:	CNVD-2017-05526
db:	VULHUB	id:	VHN-112037
db:	BID	id:	97422
db:	JVNDB	id:	JVNDB-2017-003019
db:	CNNVD	id:	CNNVD-201704-278
db:	NVD	id:	CVE-2017-3834

LAST UPDATE DATE

2024-11-23T22:22:34.347000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-05526	date:	2017-04-27T00:00:00
db:	VULHUB	id:	VHN-112037	date:	2019-10-03T00:00:00
db:	BID	id:	97422	date:	2017-06-05T15:01:00
db:	JVNDB	id:	JVNDB-2017-003019	date:	2017-05-11T00:00:00
db:	CNNVD	id:	CNNVD-201704-278	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3834	date:	2024-11-21T03:26:12.523

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-05526	date:	2017-04-27T00:00:00
db:	VULHUB	id:	VHN-112037	date:	2017-04-06T00:00:00
db:	BID	id:	97422	date:	2017-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-003019	date:	2017-05-11T00:00:00
db:	CNNVD	id:	CNNVD-201704-278	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2017-3834	date:	2017-04-06T18:59:00.323