Details of VAR-201711-0310

ID

VAR-201711-0310

CVE

CVE-2017-12281

TITLE

plural Cisco Aironet Access point authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-009844

DESCRIPTION

A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314. Vendors have confirmed this vulnerability Bug ID CSCvd46314 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Cisco Aironet Access Point delivers industry-leading performance for secure, reliable wireless connectivity. Remote users on the local network can exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. Cisco Aironet is prone to an authentication-bypass vulnerability. This may lead to further attacks

Trust: 2.52

sources: NVD: CVE-2017-12281 // JVNDB: JVNDB-2017-009844 // CNVD: CNVD-2017-35878 // BID: 101649 // VULHUB: VHN-102788

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-35878

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet 2800	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	aironet 3800	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	aironet 1800	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	aironet 1800 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 2800 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet 3800 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	aironet series access point	scope:	eq	version:	3800	Trust: 0.6
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	1800	Trust: 0.6
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	2800	Trust: 0.6
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18008.2(141.0)	Trust: 0.6
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	38000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	28000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18508.2(141.0)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	18000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.2(160.0)	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	18508.2(154.29)	Trust: 0.3

sources: CNVD: CNVD-2017-35878 // BID: 101649 // JVNDB: JVNDB-2017-009844 // CNNVD: CNNVD-201711-072 // NVD: CVE-2017-12281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12281
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12281
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-35878
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-072
value:	HIGH
Trust: 0.6
VULHUB:	VHN-102788
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12281
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-35878
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-102788
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12281
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-35878 // VULHUB: VHN-102788 // JVNDB: JVNDB-2017-009844 // CNNVD: CNNVD-201711-072 // NVD: CVE-2017-12281

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-102788 // JVNDB: JVNDB-2017-009844 // NVD: CVE-2017-12281

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201711-072

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-072

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009844

PATCH

title:	cisco-sa-20171101-aironet3	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3	Trust: 0.8
title:	CiscoAironet authentication bypasses the patch for the vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/107589	Trust: 0.6
title:	Cisco Aironet 1800 , 2800 and 3800 Series Access Points Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76122	Trust: 0.6

sources: CNVD: CNVD-2017-35878 // JVNDB: JVNDB-2017-009844 // CNNVD: CNNVD-201711-072

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12281	Trust: 3.4
db:	BID	id:	101649	Trust: 2.0
db:	SECTRACK	id:	1039725	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-009844	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-072	Trust: 0.7
db:	CNVD	id:	CNVD-2017-35878	Trust: 0.6
db:	VULHUB	id:	VHN-102788	Trust: 0.1

sources: CNVD: CNVD-2017-35878 // VULHUB: VHN-102788 // BID: 101649 // JVNDB: JVNDB-2017-009844 // CNNVD: CNNVD-201711-072 // NVD: CVE-2017-12281

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171101-aironet3	Trust: 2.6
url:	http://www.securityfocus.com/bid/101649	Trust: 1.7
url:	http://www.securitytracker.com/id/1039725	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12281	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12281	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-35878 // VULHUB: VHN-102788 // BID: 101649 // JVNDB: JVNDB-2017-009844 // CNNVD: CNNVD-201711-072 // NVD: CVE-2017-12281

CREDITS

Cisco

Trust: 0.3

sources: BID: 101649

SOURCES

db:	CNVD	id:	CNVD-2017-35878
db:	VULHUB	id:	VHN-102788
db:	BID	id:	101649
db:	JVNDB	id:	JVNDB-2017-009844
db:	CNNVD	id:	CNNVD-201711-072
db:	NVD	id:	CVE-2017-12281

LAST UPDATE DATE

2024-11-23T23:12:18.420000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-35878	date:	2017-12-01T00:00:00
db:	VULHUB	id:	VHN-102788	date:	2019-10-09T00:00:00
db:	BID	id:	101649	date:	2017-12-19T22:00:00
db:	JVNDB	id:	JVNDB-2017-009844	date:	2017-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201711-072	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12281	date:	2024-11-21T03:09:13.520

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-35878	date:	2017-12-01T00:00:00
db:	VULHUB	id:	VHN-102788	date:	2017-11-02T00:00:00
db:	BID	id:	101649	date:	2017-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-009844	date:	2017-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201711-072	date:	2017-11-09T00:00:00
db:	NVD	id:	CVE-2017-12281	date:	2017-11-02T16:29:00.613