CISCO : Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.106803

Kategorie: CISCO

Titel: Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability

Zusammenfassung: A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet;1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could;allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges.

Beschreibung: Summary:
A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet
1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could
allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges.

Vulnerability Insight:
The vulnerability is due to insufficient validation of PnP server responses.
The PnP feature is only active while the device does not contain a configuration, such as a first time boot or
after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from
the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application
Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would
need to exploit the issue in the short window before a valid PnP response was received.

Vulnerability Impact:
If successful, the attacker could gain the ability to execute arbitrary code
with root privileges on the underlying operating system of the device.

Solution:
Update to version 8.3.112.0 or later.

CVSS Score:
7.9

CVSS Vector:
AV:A/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-3873
BugTraq ID: 98296
http://www.securityfocus.com/bid/98296
http://www.securitytracker.com/id/1038394

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.106803
Kategorie:	CISCO
Titel:	Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability
Zusammenfassung:	A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet;1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could;allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges.
Beschreibung:	Summary: A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. Vulnerability Insight: The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. Vulnerability Impact: If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Solution: Update to version 8.3.112.0 or later. CVSS Score: 7.9 CVSS Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3873 BugTraq ID: 98296 http://www.securityfocus.com/bid/98296 http://www.securitytracker.com/id/1038394
Copyright	Copyright (C) 2017 Greenbone Networks GmbH