Sign-up

ID

VAR-201805-0505


CVE

CVE-2018-0226


TITLE

Cisco Aironet Access Point Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-004908

DESCRIPTION

A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affected access point. The vulnerability exists because the Cisco Mobility Express controller of the affected software configures the default SSH user account for an access point to be the first SSH user account that was created for the Mobility Express controller, if an administrator added user accounts directly to the controller instead of using the default configuration or the SSH username creation wizard. Although the user account has read-only privileges for the Mobility Express controller, the account could have administrative privileges for an associated access point. An attacker who has valid user credentials for an affected controller could exploit this vulnerability by using the default SSH user account to authenticate to an affected access point via SSH. A successful exploit could allow the attacker to log in to the affected access point with administrative privileges and perform arbitrary administrative actions. This vulnerability affects the following Cisco products: Aironet 1800 Series Access Points that are running Cisco Mobility Express Software Releases 8.2.121.0 through 8.5.105.0, Aironet 2800 Series Access Points that are running Cisco Mobility Express Software Releases 8.3.102.0 through 8.5.105.0, Aironet 3800 Series Access Points that are running Cisco Mobility Express Software Releases 8.3.102.0 through 8.5.105.0. Cisco Bug IDs: CSCva68116. Cisco Aironet Access Point Contains vulnerabilities related to certificate and password management. Vendors have confirmed this vulnerability Bug ID CSCva68116 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MobilityExpressSoftware is a set of management control software running on it. Multiple Cisco Products are prone to a remote privilege-escalation vulnerability. A remote attacker can exploit this issue to bypass certain restrictions and gain elevated privileges

Trust: 2.52

sources: NVD: CVE-2018-0226 // JVNDB: JVNDB-2018-004908 // CNVD: CNVD-2018-09054 // BID: 104124 // VULHUB: VHN-118428

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09054

AFFECTED PRODUCTS

vendor:ciscomodel:mobility express softwarescope:eqversion:8.4\(1.65\)

Trust: 1.6

vendor:ciscomodel:mobility express softwarescope:eqversion:8.3\(90.65\)

Trust: 1.6

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.2.121.0 to 8.5.105.0

Trust: 0.8

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.3.102.0 to 8.5.105.0

Trust: 0.8

vendor:ciscomodel:mobility express software >=releasesscope:eqversion:8.2.121.0<=8.5.105.01800

Trust: 0.6

vendor:ciscomodel:mobility express software >=releasesscope:eqversion:8.3.102.0<=8.5.105.028003800

Trust: 0.6

vendor:ciscomodel:mobility express softwarescope:eqversion:8.5.105.0

Trust: 0.3

vendor:ciscomodel:mobility express softwarescope:eqversion:8.3.102.0

Trust: 0.3

vendor:ciscomodel:mobility express softwarescope:eqversion:8.2.121.0

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:38000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:28000

Trust: 0.3

vendor:ciscomodel:aironet series access pointsscope:eqversion:18000

Trust: 0.3

sources: CNVD: CNVD-2018-09054 // BID: 104124 // JVNDB: JVNDB-2018-004908 // CNNVD: CNNVD-201805-091 // NVD: CVE-2018-0226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0226
value: HIGH

Trust: 1.0

NVD: CVE-2018-0226
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-09054
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-091
value: HIGH

Trust: 0.6

VULHUB: VHN-118428
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0226
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-09054
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118428
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0226
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-09054 // VULHUB: VHN-118428 // JVNDB: JVNDB-2018-004908 // CNNVD: CNNVD-201805-091 // NVD: CVE-2018-0226

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118428 // JVNDB: JVNDB-2018-004908 // NVD: CVE-2018-0226

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-091

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201805-091

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004908

PATCH
title:cisco-sa-20180502-aironet-sshurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-ssh
Trust: 0.8
title:CiscoAironet has a patch for an elevation of privilege vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/128265
Trust: 0.6
title:Cisco Aironet 1800 , 2800  and 3800 Series Access Points Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79827
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-09054 // 
            
            
            
            JVNDB: JVNDB-2018-004908 // 
            
            
            
            CNNVD: CNNVD-201805-091

EXTERNAL IDS
db:NVDid:CVE-2018-0226
Trust: 3.4
db:SECTRACKid:1040817
Trust: 2.3
db:BIDid:104124
Trust: 2.0
db:JVNDBid:JVNDB-2018-004908
Trust: 0.8
db:CNVDid:CNVD-2018-09054
Trust: 0.6
db:CNNVDid:CNNVD-201805-091
Trust: 0.6
db:VULHUBid:VHN-118428
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-09054 // 
            
            
            
            VULHUB: VHN-118428 // 
            
            
            
            BID: 104124 // 
            
            
            
            JVNDB: JVNDB-2018-004908 // 
            
            
            
            CNNVD: CNNVD-201805-091 // 
            
            
            
            NVD: CVE-2018-0226

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-aironet-ssh
Trust: 2.0
url:http://www.securityfocus.com/bid/104124
Trust: 1.7
url:http://www.securitytracker.com/id/1040817
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0226
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0226
Trust: 0.8
url:https://securitytracker.com/id/1040817
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-09054 // 
            
            
            
            VULHUB: VHN-118428 // 
            
            
            
            BID: 104124 // 
            
            
            
            JVNDB: JVNDB-2018-004908 // 
            
            
            
            CNNVD: CNNVD-201805-091 // 
            
            
            
            NVD: CVE-2018-0226

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 104124

SOURCES
db:CNVDid:CNVD-2018-09054
db:VULHUBid:VHN-118428
db:BIDid:104124
db:JVNDBid:JVNDB-2018-004908
db:CNNVDid:CNNVD-201805-091
db:NVDid:CVE-2018-0226

LAST UPDATE DATE
2024-11-23T22:30:26.882000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-09054date:2018-05-08T00:00:00
db:VULHUBid:VHN-118428date:2019-10-09T00:00:00
db:BIDid:104124date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004908date:2018-06-29T00:00:00
db:CNNVDid:CNNVD-201805-091date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0226date:2024-11-21T03:37:46.360

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-09054date:2018-05-08T00:00:00
db:VULHUBid:VHN-118428date:2018-05-02T00:00:00
db:BIDid:104124date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004908date:2018-06-29T00:00:00
db:CNNVDid:CNNVD-201805-091date:2018-05-02T00:00:00
db:NVDid:CVE-2018-0226date:2018-05-02T22:29:00.247