CVE-2017-12281

Published: Nov 2, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314.

Affected (3)

Products: Cisco: Aironet 1800 Firmware, Aironet 2800 Firmware, Aironet 3800 Firmware

3 products

Aironet 1800 Firmware

Aironet 2800 Firmware

Aironet 3800 Firmware

Configuration A

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Cisco Aironet 1800 Firmware	All versions

Running on/with	Platform Versions
Cisco Aironet 1830e	All versions
Cisco Aironet 1830i	All versions
Cisco Aironet 1850e	All versions
Cisco Aironet 1850i	All versions

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Cisco Aironet 2800 Firmware	All versions

Running on/with	Platform Versions
Cisco Aironet 2800e	All versions
Cisco Aironet 2800i	All versions

Configuration C

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Cisco Aironet 3800 Firmware	All versions

Running on/with	Platform Versions
Cisco Aironet 3800e	All versions
Cisco Aironet 3800i	All versions
Cisco Aironet 3800p	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://www.securityfocus.com/bid/101649

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039725

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/101649

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039725

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.