Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-3831

Опубликовано: 15 мар. 2017
Источник: nvd
CVSS3: 9.8
CVSS2: 10
EPSS Низкий

Описание

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. This vulnerability affects Cisco Mobility Express 1800 Series Access Points running a software version prior to 8.2.110.0. Cisco Bug IDs: CSCuy68219.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:cisco:aironet_access_point_software:8.1\(15.14\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point_software:8.1\(112.3\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point_software:8.1\(112.4\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point_software:8.1\(131.0\):*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:aironet_1810:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1810w:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1815i:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%
0.06116
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-264
CWE-287

Связанные уязвимости

github логотип

GHSA-p3g2-f65q-g6rx

CVSS3: 9.8
github
больше 3 лет назад

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. This vulnerability affects Cisco Mobility Express 1800 Series Access Points running a software version prior to 8.2.110.0. Cisco Bug IDs: CSCuy68219.

fstec логотип

BDU:2017-02495

CVSS3: 9.8
fstec
больше 8 лет назад

Уязвимость веб-интерфейса программного обеспечения точек доступа Cisco Aironet 1800 Series, позволяющая нарушителю обойти процедуру аутентификации, получить полные права администратора и выполнить несанкционированные изменения конфигурации или произвольную команду управления

EPSS

Процентиль: 91%
0.06116
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-264
CWE-287