Authentication Bypass Vulnerability in Cisco Wireless LAN Controller and Aironet Access Points
CVE-2018-0247

4.7MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Wireless Lan Controller And Aironet Access Points
Vendor
CVE Published:
2 May 2018

Summary

A significant vulnerability exists within the Web Authentication clients of Cisco Wireless LAN Controllers and Aironet Access Points. This security flaw allows unauthenticated, adjacent attackers to bypass the authentication process. The vulnerability arises from an incorrect implementation of authentication mechanisms in certain configurations, particularly in FlexConnect Mode with NAT. Attackers can exploit this flaw to send traffic to local network resources without completing the required authentication. This exploit primarily impacts Cisco Aironet Access Points and Wireless LAN Controllers using specific configurations, enabling unauthorized access and potential traffic manipulation.

Affected Version(s)

Cisco Wireless LAN Controller and Aironet Access Points Cisco Wireless LAN Controller and Aironet Access Points

References

http://www.securityfocus.com/bid/104087
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040815
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.