CVE-2017-12281
Summary
| CVE | CVE-2017-12281 |
|---|---|
| State | PUBLISHED |
| Assigner | cisco |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-11-02 16:29:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314. |
Risk And Classification
Primary CVSS: v3.0 7.5 HIGH from [email protected]
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types: CWE-287 | CWE-287 CWE-287
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 7.5 | HIGH | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P |
CVSS v3.0 Breakdown
Attack Vector
AdjacentAttack Complexity
HighPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
AdjacentAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:A/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Cisco | Aironet 1800 Firmware | - | All | All | All |
| Hardware | Cisco | Aironet 1830e | - | All | All | All |
| Hardware | Cisco | Aironet 1830i | - | All | All | All |
| Hardware | Cisco | Aironet 1850e | - | All | All | All |
| Hardware | Cisco | Aironet 1850i | - | All | All | All |
| Hardware | Cisco | Aironet 2800e | - | All | All | All |
| Hardware | Cisco | Aironet 2800i | - | All | All | All |
| Operating System | Cisco | Aironet 2800 Firmware | - | All | All | All |
| Hardware | Cisco | Aironet 3800e | - | All | All | All |
| Hardware | Cisco | Aironet 3800i | - | All | All | All |
| Hardware | Cisco | Aironet 3800p | - | All | All | All |
| Operating System | Cisco | Aironet 3800 Firmware | - | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | Cisco Aironet 1800 2800 And 3800 Series Access Points | affected Cisco Aironet 1800, 2800, and 3800 Series Access Points | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Aironet PEAP Default Setting Lets Remote Users Bypass Authentication on the Target System - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco Aironet CVE-2017-12281 Authentication Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco Aironet 1800, 2800, and 3800 Series Access Points MAC Authentication Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.