SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco Aironet Vendors:   Cisco
Cisco Aironet PEAP Default Setting Lets Remote Users Bypass Authentication on the Target System
SecurityTracker Alert ID:  1039725
SecurityTracker URL:  http://securitytracker.com/id/1039725
CVE Reference:   CVE-2017-12281   (Links to External Site)
Date:  Nov 2 2017
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1800, 2800, and 3800 Series
Description:   A vulnerability was reported in Cisco Aironet 1800, 2800, and 3800 Series Access Points. A remote user on the local network can bypass authentication.

A remote user on the local network can exploit an incorrect default configuration setting in the Protected Extensible Authentication Protocol (PEAP) implementation to bypass authentication and connect to the target system.

Systems that use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering are affected.

The vendor has assigned bug ID CSCvd46314 to this vulnerability.

Impact:   A remote user on the local network can connect to the target system.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3 (Links to External Site)
Cause:   Configuration error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC