CVE-2017-3834
https://notcve.org/view.php?id=CVE-2017-3834
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. • http://www.securityfocus.com/bid/97422 http://www.securitytracker.com/id/1038181 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame • CWE-255: Credentials Management Errors CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2017-3831
https://notcve.org/view.php?id=CVE-2017-3831
A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. • http://www.securityfocus.com/bid/96909 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800 • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVE-2016-9220
https://notcve.org/view.php?id=CVE-2016-9220
A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2(130.0). Known Fixed Releases: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91). Una vulnerabilidad de denegación de servicio en el procesamiento del paquete de entrada 802.11 de los Access Points (APs) de Cisco Mobility Express 2800 y 3800 podrían permitir a un atacante adyacente no autenticado provocar que la tabla de conexiones esté repleta de conexiones no válidas y sea incapaz de procesar nuevas peticiones de entrada. • http://www.securityfocus.com/bid/95633 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1 • CWE-399: Resource Management Errors •
CVE-2016-9221
https://notcve.org/view.php?id=CVE-2016-9221
A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. Affected Products: This vulnerability affects Cisco Mobility Express 2800 Series and 3800 Series Access Points when configured in local mode in 40 MHz. More Information: CSCvb33575. Known Affected Releases: 8.2(121.12) 8.4(1.82). Known Fixed Releases: 8.2(131.2) 8.2(131.3) 8.2(131.4) 8.2(141.0) 8.3(104.53) 8.3(104.54) 8.4(1.80) 8.4(1.85). • http://www.securityfocus.com/bid/95631 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2 • CWE-399: Resource Management Errors •
CVE-2016-6363
https://notcve.org/view.php?id=CVE-2016-6363
The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192. La función de la velocidad límite en el protocolo de implementación 802.11 en dispositivos Cisco Aironet 1800, 2800 y 3800 con software en versiones anteriores a 8.2.121.0 y 8.3.x en versiones anteriores a 8.3.102.0 permite a atacantes remotos causar una denegación de servicio (reinicio del dispositivo) a través de marcos 802.11 manipulados, también conocido como Bug ID CSCva06192. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap2 http://www.securityfocus.com/bid/92511 http://www.securitytracker.com/id/1036645 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •