{"containers": {"cna": {"affected": [{"product": "Cisco Mobility Express 1800 Access Point Series", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Mobility Express 1800 Access Point Series"}]}], "datePublic": "2017-03-15T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. This vulnerability affects Cisco Mobility Express 1800 Series Access Points running a software version prior to 8.2.110.0. Cisco Bug IDs: CSCuy68219."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "Authentication Bypass Vulnerability CWE-264", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-03-16T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "96909", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96909"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-3831", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Mobility Express 1800 Access Point Series", "version": {"version_data": [{"version_value": "Cisco Mobility Express 1800 Access Point Series"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. This vulnerability affects Cisco Mobility Express 1800 Series Access Points running a software version prior to 8.2.110.0. Cisco Bug IDs: CSCuy68219."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication Bypass Vulnerability CWE-264"}]}]}, "references": {"reference_data": [{"name": "96909", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96909"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-3831", "datePublished": "2017-03-15T20:00:00", "dateReserved": "2016-12-21T00:00:00", "dateUpdated": "2017-03-16T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_access_point_software:8.1\\(15.14\\):*:*:*:*:*:*:*", "matchCriteriaId": "88453D71-DAF5-4813-9776-5391C31B1006", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_access_point_software:8.1\\(112.3\\):*:*:*:*:*:*:*", "matchCriteriaId": "A187F61E-D4A4-4DF9-93B4-981C4B86F284", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_access_point_software:8.1\\(112.4\\):*:*:*:*:*:*:*", "matchCriteriaId": "A92A6EC5-E47A-4001-A25C-A1043B346EDE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_access_point_software:8.1\\(131.0\\):*:*:*:*:*:*:*", "matchCriteriaId": "AAE1697B-74D9-4416-AFBA-EAD5C0E5A6E2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1810:-:*:*:*:*:*:*:*", "matchCriteriaId": "36F923CF-D4EB-48F8-821D-8BB3A69ABB62", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1810w:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D613A17-FFA9-4FF0-9C2A-AF8ACD59B765", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1815i:-:*:*:*:*:*:*:*", "matchCriteriaId": "207DC80E-499C-4CA3-8A88-F027DBC64CCF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*", "matchCriteriaId": "4590D445-B4B6-48E6-BF55-BEA6BA763410", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*", "matchCriteriaId": "848CC5CD-1982-4F31-A626-BD567E1C19F0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*", "matchCriteriaId": "24E47788-9B54-42C5-AD83-428B22674575", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*", "matchCriteriaId": "A333CD0B-4729-4E64-8B52-A3F5138F5B70", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. This vulnerability affects Cisco Mobility Express 1800 Series Access Points running a software version prior to 8.2.110.0. Cisco Bug IDs: CSCuy68219."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz gr\u00e1fica de usuario basada en web de los puntos de acceso Cisco Mobility Express serie 1800 podr\u00eda permitir a un atacante remoto no autenticado eludir la autenticaci\u00f3n. El atacante podr\u00eda tener privilegios completos de administrador. La vulnerabilidad se debe a la implementaci\u00f3n incorrecta de la autenticaci\u00f3n para acceder a determinadas p\u00e1ginas web a trav\u00e9s de la interfaz GUI. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTP manipulada a la interfaz web del sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante eludir la autenticaci\u00f3n y realizar cambios de configuraci\u00f3n no autorizados o mandar comandos de control al dispositivo afectado. Esta vulnerabilidad afecta a los puntos de acceso Cisco Mobility Express Serie 1800 que ejecutan una versi\u00f3n de software anterior a 8.2.110.0. ID de errores de Cisco: CSCuy68219."}], "id": "CVE-2017-3831", "lastModified": "2019-10-09T23:27:39.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-15T20:59:00.193", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96909"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-264"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}