Operating System:

[Cisco]

Published:

04 May 2017

Protect yourself against future threats.

//Service

Early Warning SMS

Receive SMS notifications for the most critical security threats and vulnerabilities.

Read more
Resources > Security Bulletins > ESB-2017.1098 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1098
          Cisco Aironet 1800, 2800, and 3800 Series Access Points
           Plug-and-Play Arbitrary Code Execution Vulnerability
                                4 May 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Aironet 1800, 2800, and 3800 Series Access Points
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Root Compromise -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-3873  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Cisco Security Advisory: Cisco Aironet 1800, 2800, and 3800 Series Access 
Points Plug-and-Play Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20170503-cme

Revision: 1.0

For Public Release: 2017 May 3 16:00 GMT

Last Updated: 2017 May 3 16:00 GMT

CVE ID(s): CVE-2017-3873

CVSS Score v(3): 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary 
======= 

A vulnerability in the Plug-and-Play (PnP) subsystem of the 
Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight
Access Point (AP) or Mobility Express image could allow an unauthenticated, 
adjacent attacker to execute arbitrary code with root privileges.

The vulnerability is due to insufficient validation of PnP server responses. 
The PnP feature is only active while the device does not contain a 
configuration, such as a first time boot or after a factory reset has been 
issued. An attacker with the ability to respond to PnP configuration requests
from the affected device can exploit the vulnerability by returning malicious
PnP responses. If a Cisco Application Policy Infrastructure Controller - 
Enterprise Module (APIC-EM) is available on the network, the attacker would 
need to exploit the issue in the short window before a valid PnP response was
received. If successful, the attacker could gain the ability to execute 
arbitrary code with root privileges on the underlying operating system of the
device.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

This advisory is available at the following link: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme"]

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZCf96ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg 
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx 
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkKow//dfUgIr7Rz9pJ45qc 
29ryqUM8W0CTN7AAJfZUhcwrvC/Pn7xZHmtJEEj9fxjzyqMueunIrPzI1vO+mmT9 
92+bN7Ic0vwvbHZ5Xm9tqQQDYXik3dAqKqLrUTIQDhry/nr2Blj+71WbmbojKumY 
7FzbvsigNTehxkhScg88DTtOLGQaM/GQM/VAWv2HjY5u/r7GUrsa/Uzg4E/dnsP3 
bEHCQswXoF7ap+121DlvoHca2RKEYD4wdkLEzxvOmojSBPTgbLMUdKPzu1lgYLul 
J7N7de3bF4NpBQMKRcyyE4UTYQWwOleBunDN9uT6lrrKHfCOorZbVFmXzT/W/U8O 
rELVGBB1Wv/G2skOVfNz5QwF/ZWqFizcaqQTZOfayXxIwv0E/Igcf329MRhbHFJm 
1RnV1hSjNlkfCvWCI4cbuj5zW6RfKQ4jAlL/Mp7PhjElsHTwXG5SfTpckMlJmuaU 
mwedT+pbxQbKU5thf8RjdKBEm5gItjoKuIO7iROuOKN2EJsJ/SvTekHY0ZW4g38z 
XdUChpSXOq8ys+xDXmYh16EDdDWVbeWzAio6D/TvK89X8Zcom4rQyGGNK+OtkIaQ 
QkyZ6Wybt1dRkLw4z4pq/Xv/V0XADTTjFOSStTEZvZCcBusC9hBgw2fP3kYgtBAc 
MdY5SzgAxRw1T1AXRNdp768H/Hw= =UB28 
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWQqETYx+lLeg9Ub1AQgZYg//YQ+u6twdGhx0CzVcuoh0DvfZofMM8nym
HYxo8vA3jCdl8Pmi5iDpihivDPsIPY1CLCe9RpdhYyfWyseTQ4bUu/1pC2LVQQtV
9OHL/65EQKIvvzh63qNc0y5DjLfquXLVgji/IROApjhnuQId5FxrW4Gghv8BltP6
CdCVmM2SO5rvCV4jyHyoSB9wQjXFegIf0jewABX0E066+EeBnrpHMCg6v+yH1GSl
KiS32Ala3A7M8XhEDifDCUcv94xhiVJ/ZWeAhWpOhXvVmldtM2aAx3Le/W9MHVW1
qBVxC+C2DJX5fOVHQRZFI52qIRbYcEOySM+oAvXkXeDOl1tPuB/VKBU+9YdZsLDz
S+mTuffA4wTTctPX3siMnOGYHa3/Pe6JHkOtybHEdP9YsChTk4IHrQ86JEK597vX
7umjuPzp5R4D6xCSZs9HKPtR+x7woi94gr8RmiPumyu7sLYNByitLHkyPs8y3wGa
7DVsXKGOk+wuVZ4rvdhfxWCYtHesKGNRFbRhrTGy2+rAENTDthVky0IQ12ZH3zHT
ZEzkcESXihhuCGtCVAiHz1HlsR1X0jqjusX2KU37tWiAtrWgVgX9d8A16KloMlJQ
FZl4sI2jHacOfnt/qH9tViPjseI/az5JjP/woSXnGcjz49U0RrPFt+tdQg7DDyWf
yu+OIOL2uCs=
=Dd/y
-----END PGP SIGNATURE-----