Details of VAR-201705-3470

ID

VAR-201705-3470

CVE

CVE-2017-3873

TITLE

Cisco Lightweight Access point or Mobility Express Run the image Aironet At the access point root Vulnerability to execute arbitrary code with privileges

Trust: 0.8

sources: JVNDB: JVNDB-2017-004120

DESCRIPTION

A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Cisco has confirmed that the only vulnerable software version is 8.3.102.0. Cisco Bug IDs: CSCvb42386. The Cisco Aironet 1800, 2800, and 3800 Series Access Points are router access devices from Cisco. Plug-and-Play (PnP) is one of the plug-and-play services subsystems. The PnP subsystem in the Cisco Aironet 1800, 2800, and 3800 Series AccessPoints version 8.3.102.0 has an arbitrary code execution vulnerability due to the program failing to adequately verify the PnP server response. Failed exploit attempts will likely result in a denial-of-service condition

Trust: 3.06

sources: NVD: CVE-2017-3873 // JVNDB: JVNDB-2017-004120 // CNVD: CNVD-2017-08797 // CNVD: CNVD-2017-09957 // BID: 98296 // VULHUB: VHN-112076

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2017-08797 // CNVD: CNVD-2017-09957

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet access point	scope:	eq	version:	8.3_102.0	Trust: 1.6
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	38008.3	Trust: 1.5
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	28008.3	Trust: 1.5
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18508.3(15.84)	Trust: 1.2
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18508.3(102.0)	Trust: 1.2
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18008.3	Trust: 0.9
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.3.102.0	Trust: 0.8
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18508.3	Trust: 0.6
vendor:	cisco	model:	aironet series access point	scope:	eq	version:	18508.3(15.84)	Trust: 0.3
vendor:	cisco	model:	aironet series access point	scope:	eq	version:	18508.3(102.0)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	38008.3.112.0	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	28008.3.112.0	Trust: 0.3
vendor:	cisco	model:	aironet series access point	scope:	ne	version:	18508.3(111.0)	Trust: 0.3
vendor:	cisco	model:	aironet series access point	scope:	ne	version:	18508.3(104.45)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18008.3.112.0	Trust: 0.3

sources: CNVD: CNVD-2017-08797 // CNVD: CNVD-2017-09957 // BID: 98296 // JVNDB: JVNDB-2017-004120 // CNNVD: CNNVD-201705-765 // NVD: CVE-2017-3873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3873
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3873
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-08797
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2017-09957
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201705-765
value:	HIGH
Trust: 0.6
VULHUB:	VHN-112076
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-3873
severity:	HIGH
baseScore:	7.9
vectorString:	AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-08797
severity:	HIGH
baseScore:	7.9
vectorString:	AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2017-09957
severity:	HIGH
baseScore:	7.9
vectorString:	AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-112076
severity:	HIGH
baseScore:	7.9
vectorString:	AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3873
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-08797 // CNVD: CNVD-2017-09957 // VULHUB: VHN-112076 // JVNDB: JVNDB-2017-004120 // CNNVD: CNNVD-201705-765 // NVD: CVE-2017-3873

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-112076 // JVNDB: JVNDB-2017-004120 // NVD: CVE-2017-3873

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201705-765

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201705-765

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004120

PATCH

title:	cisco-sa-20170503-cme	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme	Trust: 0.8
title:	Patch for arbitrary code execution vulnerabilities in the Cisco Aironet 1800, 2800, and 3800 Series AccessPointsPlug-and-Play subsystems	url:	https://www.cnvd.org.cn/patchInfo/show/95015	Trust: 0.6
title:	Patch for CiscoAironetAccessPoints arbitrary code execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/95512	Trust: 0.6
title:	Cisco Aironet 1800 , 2800 and 3800 Series Access Points Plug-and-Play Subsystem security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70337	Trust: 0.6

sources: CNVD: CNVD-2017-08797 // CNVD: CNVD-2017-09957 // JVNDB: JVNDB-2017-004120 // CNNVD: CNNVD-201705-765

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3873	Trust: 4.0
db:	BID	id:	98296	Trust: 2.6
db:	SECTRACK	id:	1038394	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-004120	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-765	Trust: 0.7
db:	CNVD	id:	CNVD-2017-08797	Trust: 0.6
db:	CNVD	id:	CNVD-2017-09957	Trust: 0.6
db:	NSFOCUS	id:	36613	Trust: 0.6
db:	VULHUB	id:	VHN-112076	Trust: 0.1

sources: CNVD: CNVD-2017-08797 // CNVD: CNVD-2017-09957 // VULHUB: VHN-112076 // BID: 98296 // JVNDB: JVNDB-2017-004120 // CNNVD: CNNVD-201705-765 // NVD: CVE-2017-3873

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170503-cme	Trust: 2.6
url:	http://www.securityfocus.com/bid/98296	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3873	Trust: 2.0
url:	http://www.securitytracker.com/id/1038394	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3873	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36613	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2017-08797 // CNVD: CNVD-2017-09957 // VULHUB: VHN-112076 // BID: 98296 // JVNDB: JVNDB-2017-004120 // CNNVD: CNNVD-201705-765 // NVD: CVE-2017-3873

CREDITS

Cisco

Trust: 0.3

sources: BID: 98296

SOURCES

db:	CNVD	id:	CNVD-2017-08797
db:	CNVD	id:	CNVD-2017-09957
db:	VULHUB	id:	VHN-112076
db:	BID	id:	98296
db:	JVNDB	id:	JVNDB-2017-004120
db:	CNNVD	id:	CNNVD-201705-765
db:	NVD	id:	CVE-2017-3873

LAST UPDATE DATE

2024-11-23T23:02:28.759000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-08797	date:	2017-06-08T00:00:00
db:	CNVD	id:	CNVD-2017-09957	date:	2017-06-18T00:00:00
db:	VULHUB	id:	VHN-112076	date:	2017-07-11T00:00:00
db:	BID	id:	98296	date:	2017-05-23T16:28:00
db:	JVNDB	id:	JVNDB-2017-004120	date:	2017-06-16T00:00:00
db:	CNNVD	id:	CNNVD-201705-765	date:	2017-05-17T00:00:00
db:	NVD	id:	CVE-2017-3873	date:	2024-11-21T03:26:17.363

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-08797	date:	2017-06-08T00:00:00
db:	CNVD	id:	CNVD-2017-09957	date:	2017-06-16T00:00:00
db:	VULHUB	id:	VHN-112076	date:	2017-05-16T00:00:00
db:	BID	id:	98296	date:	2017-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-004120	date:	2017-06-16T00:00:00
db:	CNNVD	id:	CNNVD-201705-765	date:	2017-05-17T00:00:00
db:	NVD	id:	CVE-2017-3873	date:	2017-05-16T17:29:00.213