SSH Access Vulnerability in Cisco Aironet Access Points
CVE-2018-0226

7.5 HIGH

Key Information:

Vendor
Cisco
CVE Published:
2 May 2018

Summary

The vulnerability arises from the incorrect management of SSH user accounts for Cisco Aironet 1800, 2800, and 3800 Series Access Points running Cisco Mobility Express Software. An authenticated attacker can exploit this weakness to gain elevated privileges. Specifically, if an administrator adds user accounts improperly, the default SSH user account configuration allows attackers with valid credentials to authenticate to the access point using a privilege escalation method. This could lead to unauthorized administrative access and possible control over the network device.

Affected Version(s)

Cisco Aironet 1800, 2800, and 3800 Series Access Points

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
