Authentication Bypass Vulnerability in Cisco Mobility Express 1800 Series Access Points
CVE-2017-3831

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Mobility Express 1800 Access Point Series
Vendor: CVE Published:; 15 March 2017

What is CVE-2017-3831?

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points enables an unauthenticated remote attacker to bypass authentication. This issue arises from inadequate authentication implementation for certain web pages within the GUI. By exploiting this vulnerability through a crafted HTTP request to the affected system's web interface, the attacker could gain unauthorized access, allowing them to implement configuration changes or execute control commands on the device. It is critical for users to ensure their systems are updated to software version 8.2.110.0 or later to mitigate this risk.

Affected Version(s)

Cisco Mobility Express 1800 Access Point Series Cisco Mobility Express 1800 Access Point Series

References

http://www.securityfocus.com/bid/96909

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2017
Vulnerability Reserved
Dec 21, 2016