Vulnslist

find the latest Cisco vulnerabilities

Cisco Wireless LAN Controller and Aironet Access Points IOS WebAuth Client Authentication Bypass Vulnerability

cisco-sa-20180502-aironet-auth · Medium · Published · Updated

A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. A successful exploit could allow the attacker to bypass authentication and pass traffic. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2018-0247
Cisco Bug IDsCSCvf71789, CSCvc79502
CVSS ScoreBase 4.7
Base 4.7 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Wireless LAN Controller (WLC), Cisco Aironet Access Point Software

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2018-0247 Cisco OpenVuln
Cisco IOS Software CVE-2018-0247 Cisco OpenVuln
Cisco Wireless LAN Controller (WLC) CVE-2018-0247 Cisco OpenVuln
Cisco IOS CVE-2018-0247 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2018-0247 Cisco OpenVuln