Authentication Bypass Vulnerability in Cisco Aironet Access Points
CVE-2017-12281

7.5 HIGH

Key Information:

Vendor: Cisco
CVE Published: 2 November 2017

Summary

A security flaw in the implementation of Protected Extensible Authentication Protocol (PEAP) affects standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points. This vulnerability arises from an incorrect default setting that enables a 'fail open' mode when operating in standalone configuration. An attacker positioned adjacent to the device could exploit this weakness, allowing them to bypass authentication checks and connect to the network without proper credentials. This exploitation could lead to unauthorized access, posing risks to network integrity and security, particularly when configurations involve FlexConnect local switching and central authentication with MAC filtering.

Affected Version(s)

Cisco Aironet 1800, 2800, and 3800 Series Access Points

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
