{"containers": {"cna": {"affected": [{"product": "Cisco Aironet 1800, 2800, and 3800 Series Access Points", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Aironet 1800, 2800, and 3800 Series Access Points"}]}], "datePublic": "2017-11-02T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "101649", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101649"}, {"name": "1039725", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039725"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-12281", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Aironet 1800, 2800, and 3800 Series Access Points", "version": {"version_data": [{"version_value": "Cisco Aironet 1800, 2800, and 3800 Series Access Points"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287"}]}]}, "references": {"reference_data": [{"name": "101649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101649"}, {"name": "1039725", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039725"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-12281", "datePublished": "2017-11-02T16:00:00", "dateReserved": "2017-08-03T00:00:00", "dateUpdated": "2017-11-03T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_1800_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "54BDAFC3-940F-40C4-896E-99B6DABA9E3F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*", "matchCriteriaId": "4590D445-B4B6-48E6-BF55-BEA6BA763410", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*", "matchCriteriaId": "848CC5CD-1982-4F31-A626-BD567E1C19F0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*", "matchCriteriaId": "24E47788-9B54-42C5-AD83-428B22674575", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*", "matchCriteriaId": "A333CD0B-4729-4E64-8B52-A3F5138F5B70", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_2800_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAD27F3F-961F-4F44-AD2D-CF9EAD04E2B5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*", "matchCriteriaId": "098A82FF-95F7-416A-BADD-C57CE81ACD32", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD1D5813-9223-4B3F-9DE2-F3EF854FC927", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_3800_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFFE3575-DDAF-433E-8D77-4CCADADC99B9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*", "matchCriteriaId": "10D7583E-2B61-40F1-B9A6-701DA08F8CDF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*", "matchCriteriaId": "945DDBE7-6233-416B-9BEE-7029F047E298", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*", "matchCriteriaId": "0ED89428-750C-4C26-B2A1-E3D63F8B3F44", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Protected Extensible Authentication Protocol (PEAP) para las configuraciones independientes de Cisco Aironet 1800, 2800, and 3800 Series Access Points podr\u00eda permitir que un atacante adyacente sin autenticar omita la autenticaci\u00f3n y se conecte a un dispositivo afectado. La vulnerabilidad existe porque el dispositivo afectado utiliza una configuraci\u00f3n por defecto incorrecta en la que se queda abierto despu\u00e9s de que falle cuando se ejecuta en modo independiente. Un atacante podr\u00eda explotar esta vulnerabilidad intentando conectarse a un dispositivo afectado. Un exploit exitoso podr\u00eda permitir que el atacante omita la autenticaci\u00f3n y se conecte al dispositivo afectado. Esta vulnerabilidad afecta a Cisco Aironet 1800, 2800, and 3800 Series Access Points que est\u00e9n ejecutando una distribuci\u00f3n de software vulnerable y utilicen la configuraci\u00f3n WLAN que incluye la conmutaci\u00f3n local FlexConnect y la autenticaci\u00f3n central con filtrado MAC. Cisco Bug IDs: CSCvd46314."}], "id": "CVE-2017-12281", "lastModified": "2019-10-09T23:22:50.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-02T16:29:00.613", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101649"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039725"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}