var-201704-0648
Vulnerability from variot
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691. Vendors have confirmed this vulnerability Bug ID CSCva50691 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. The former is a router; the latter is a wireless access point product
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0648",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "102.0"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "90.57"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2.102.139"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2.111.0"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2.102.43"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2.100.0"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2.121.12"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2.130.0"
},
{
"model": "mobility express software",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "8.2"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "18508.2"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "18308.2"
},
{
"model": "aironet access point software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.2\\(130.0\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.2\\(111.0\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.2\\(102.43\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.2\\(102.139\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.2\\(100.0\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.2\\(121.12\\)"
},
{
"model": "mobility express software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2.121.0"
},
{
"model": "mobility express software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2.111.0"
},
{
"model": "aironet series access points",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "18508.2.111.0"
},
{
"model": "aironet series access points",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "18308.2.111.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05526"
},
{
"db": "BID",
"id": "97422"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003019"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-278"
},
{
"db": "NVD",
"id": "CVE-2017-3834"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:aironet_access_point_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003019"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "97422"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3834",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3834",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-05526",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-112037",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-3834",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-3834",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3834",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-3834",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-05526",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-278",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-112037",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05526"
},
{
"db": "VULHUB",
"id": "VHN-112037"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003019"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-278"
},
{
"db": "NVD",
"id": "CVE-2017-3834"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691. Vendors have confirmed this vulnerability Bug ID CSCva50691 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. \nAn attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. The former is a router; the latter is a wireless access point product",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3834"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003019"
},
{
"db": "CNVD",
"id": "CNVD-2017-05526"
},
{
"db": "BID",
"id": "97422"
},
{
"db": "VULHUB",
"id": "VHN-112037"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3834",
"trust": 3.4
},
{
"db": "BID",
"id": "97422",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1038181",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003019",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-278",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-05526",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-112037",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05526"
},
{
"db": "VULHUB",
"id": "VHN-112037"
},
{
"db": "BID",
"id": "97422"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003019"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-278"
},
{
"db": "NVD",
"id": "CVE-2017-3834"
}
]
},
"id": "VAR-201704-0648",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05526"
},
{
"db": "VULHUB",
"id": "VHN-112037"
}
],
"trust": 1.19107143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05526"
}
]
},
"last_update_date": "2024-11-23T22:22:34.347000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170405-ame",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame"
},
{
"title": "CiscoMobilityExpressSoftware default credential security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92872"
},
{
"title": "Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points Mobility Express Software Repair measures for trust management vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70119"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05526"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003019"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "CWE-1188",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112037"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003019"
},
{
"db": "NVD",
"id": "CVE-2017-3834"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-ame"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97422"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038181"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3834"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3834"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05526"
},
{
"db": "VULHUB",
"id": "VHN-112037"
},
{
"db": "BID",
"id": "97422"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003019"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-278"
},
{
"db": "NVD",
"id": "CVE-2017-3834"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-05526"
},
{
"db": "VULHUB",
"id": "VHN-112037"
},
{
"db": "BID",
"id": "97422"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003019"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-278"
},
{
"db": "NVD",
"id": "CVE-2017-3834"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05526"
},
{
"date": "2017-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-112037"
},
{
"date": "2017-04-05T00:00:00",
"db": "BID",
"id": "97422"
},
{
"date": "2017-05-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003019"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-278"
},
{
"date": "2017-04-06T18:59:00.323000",
"db": "NVD",
"id": "CVE-2017-3834"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05526"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-112037"
},
{
"date": "2017-06-05T15:01:00",
"db": "BID",
"id": "97422"
},
{
"date": "2017-05-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003019"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-278"
},
{
"date": "2024-11-21T03:26:12.523000",
"db": "NVD",
"id": "CVE-2017-3834"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-278"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Aironet Run on device Cisco Mobility Express Vulnerabilities related to certificate and password management in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003019"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-278"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…