A vulnerability in Cisconbsp;Aironet 1830 Series and Cisconbsp;Aironet 1850 Series Access Points running Cisconbsp;Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device.

The vulnerability is due to the existence of default credentials for an affected device that is running Cisconbsp;Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point.

An attacker who has layer 3 connectivity to an affected device could use Secure Shellnbsp;(SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame

Security Impact Rating: Critical

CVE: CVE-2017-3834

Leave a Reply