Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-3834

Опубликовано: 06 апр. 2017
Источник: nvd
CVSS3: 9.8
CVSS2: 10
EPSS Низкий

Описание

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 wa

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:cisco:aironet_access_point_firmware:8.2.100.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point_firmware:8.2.102.43:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point_firmware:8.2.102.139:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point_firmware:8.2.111.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point_firmware:8.2.121.12:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point_firmware:8.2.130.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point_firmware:90.57:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point_firmware:102.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:aironet_1830i_access_point:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1850e_access_point:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1850i_access_point:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%
0.06232
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-255
CWE-1188

Связанные уязвимости

github логотип

GHSA-c6vq-6rwf-mq8q

CVSS3: 9.8
github
больше 3 лет назад

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2...

fstec логотип

BDU:2017-02461

CVSS3: 9.8
fstec
почти 9 лет назад

Уязвимость микропрограммного обеспечения Cisco Mobility Express Software точек доступа Cisco Aironet 1830 Series и 1850 Series, связанная с использованием предустановленных учетных данных, позволяющая нарушителю получить полный контроль над устройством

EPSS

Процентиль: 91%
0.06232
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-255
CWE-1188