Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.1098 Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability 4 May 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco Aironet 1800, 2800, and 3800 Series Access Points Publisher: Cisco Systems Operating System: Cisco Impact/Access: Root Compromise -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2017-3873 Original Bulletin: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability Advisory ID: cisco-sa-20170503-cme Revision: 1.0 For Public Release: 2017 May 3 16:00 GMT Last Updated: 2017 May 3 16:00 GMT CVE ID(s): CVE-2017-3873 CVSS Score v(3): 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme"] - -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJZCf96ZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkKow//dfUgIr7Rz9pJ45qc 29ryqUM8W0CTN7AAJfZUhcwrvC/Pn7xZHmtJEEj9fxjzyqMueunIrPzI1vO+mmT9 92+bN7Ic0vwvbHZ5Xm9tqQQDYXik3dAqKqLrUTIQDhry/nr2Blj+71WbmbojKumY 7FzbvsigNTehxkhScg88DTtOLGQaM/GQM/VAWv2HjY5u/r7GUrsa/Uzg4E/dnsP3 bEHCQswXoF7ap+121DlvoHca2RKEYD4wdkLEzxvOmojSBPTgbLMUdKPzu1lgYLul J7N7de3bF4NpBQMKRcyyE4UTYQWwOleBunDN9uT6lrrKHfCOorZbVFmXzT/W/U8O rELVGBB1Wv/G2skOVfNz5QwF/ZWqFizcaqQTZOfayXxIwv0E/Igcf329MRhbHFJm 1RnV1hSjNlkfCvWCI4cbuj5zW6RfKQ4jAlL/Mp7PhjElsHTwXG5SfTpckMlJmuaU mwedT+pbxQbKU5thf8RjdKBEm5gItjoKuIO7iROuOKN2EJsJ/SvTekHY0ZW4g38z XdUChpSXOq8ys+xDXmYh16EDdDWVbeWzAio6D/TvK89X8Zcom4rQyGGNK+OtkIaQ QkyZ6Wybt1dRkLw4z4pq/Xv/V0XADTTjFOSStTEZvZCcBusC9hBgw2fP3kYgtBAc MdY5SzgAxRw1T1AXRNdp768H/Hw= =UB28 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWQqETYx+lLeg9Ub1AQgZYg//YQ+u6twdGhx0CzVcuoh0DvfZofMM8nym HYxo8vA3jCdl8Pmi5iDpihivDPsIPY1CLCe9RpdhYyfWyseTQ4bUu/1pC2LVQQtV 9OHL/65EQKIvvzh63qNc0y5DjLfquXLVgji/IROApjhnuQId5FxrW4Gghv8BltP6 CdCVmM2SO5rvCV4jyHyoSB9wQjXFegIf0jewABX0E066+EeBnrpHMCg6v+yH1GSl KiS32Ala3A7M8XhEDifDCUcv94xhiVJ/ZWeAhWpOhXvVmldtM2aAx3Le/W9MHVW1 qBVxC+C2DJX5fOVHQRZFI52qIRbYcEOySM+oAvXkXeDOl1tPuB/VKBU+9YdZsLDz S+mTuffA4wTTctPX3siMnOGYHa3/Pe6JHkOtybHEdP9YsChTk4IHrQ86JEK597vX 7umjuPzp5R4D6xCSZs9HKPtR+x7woi94gr8RmiPumyu7sLYNByitLHkyPs8y3wGa 7DVsXKGOk+wuVZ4rvdhfxWCYtHesKGNRFbRhrTGy2+rAENTDthVky0IQ12ZH3zHT ZEzkcESXihhuCGtCVAiHz1HlsR1X0jqjusX2KU37tWiAtrWgVgX9d8A16KloMlJQ FZl4sI2jHacOfnt/qH9tViPjseI/az5JjP/woSXnGcjz49U0RrPFt+tdQg7DDyWf yu+OIOL2uCs= =Dd/y -----END PGP SIGNATURE-----