A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1).

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Cisco
  • Aironet 1800
  • Aironet 3800p
  • Aironet Access Point
  • Aironet 3800e
  • Aironet 2800i
  • Aironet 2800e
  • Aironet 3800i

Configuration 1 [-]

AND
OR cpe:2.3:o:cisco:aironet_access_point:8.1\(15.14\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.1\(112.3\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.1\(112.4\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.1\(131.0\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.2\(100.0\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.2\(102.43\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.2_base:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/97468 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038187
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2017-04-07T17:00:00

Updated: 2017-07-11T09:57:01

Reserved: 2016-11-06T00:00:00

Link: CVE-2016-9196

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2017-04-07T17:59:00.230

Modified: 2017-07-12T01:29:03.207

Link: CVE-2016-9196

JSON object: View

cve-icon Redhat Information

No data.

CWE