CVE-2017-3873
https://notcve.org/view.php?id=CVE-2017-3873
A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. • http://www.securityfocus.com/bid/98296 http://www.securitytracker.com/id/1038394 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme • CWE-20: Improper Input Validation •
CVE-2016-9196
https://notcve.org/view.php?id=CVE-2016-9196
A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). • http://www.securityfocus.com/bid/97468 http://www.securitytracker.com/id/1038187 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet • CWE-264: Permissions, Privileges, and Access Controls •