Cisco Mobility Express Software CVE-2017-3834 Default Credentials Security Bypass Vulnerability

Cisco Mobility Express Software is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks.

This issue is tracked by Cisco Bug ID CSCva50691.

Information

Bugtraq ID: 97422
Class: Design Error
CVE: CVE-2017-3834

Remote: Yes
Local: No
Published: Apr 05 2017 12:00AM
Updated: Jun 05 2017 03:01PM
Credit: Cisco
Vulnerable: Cisco Mobility Express Software 8.2
Cisco Aironet 1850 Series Access Points 8.2
Cisco Aironet 1830 Series Access Points 8.2

Not Vulnerable: Cisco Mobility Express Software 8.2.121.0
Cisco Mobility Express Software 8.2.111.0
Cisco Aironet 1850 Series Access Points 8.2.111.0
Cisco Aironet 1830 Series Access Points 8.2.111.0

Exploit

Attackers can use readily available tools to exploit this issue.

References:

• Cisco Homepage (Cisco )
  
• cisco-sa-20170405-ame: Cisco Aironet 1830 Series and 1850 Series Access Points (Cisco)
  

Source: www.securityfocus.com