Remote Code Execution Flaw in Cisco Access Points
CVE-2017-3873

7.5 HIGH

Key Information:

Vendor: Cisco
CVE Published: 16 May 2017

Summary

A vulnerability exists in the Plug-and-Play (PnP) subsystem of Cisco Aironet 1800, 2800, and 3800 Series Access Points running version 8.3.102.0. This flaw allows an unauthenticated, adjacent attacker to exploit the insufficient validation of PnP server responses to execute arbitrary code with root privileges. The PnP feature is active during the initial boot or after a factory reset, making devices susceptible during these stages. An attacker can respond to PnP configuration requests with malicious responses, gaining unauthorized control over the device's operating system if successful, especially if a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is present on the network.

Affected Version(s)

Cisco Aironet 1800, 2800, and 3800 Series Access Points

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
