Cisco Wireless LAN Controller Software Mesh improper authentication
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.4 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Cisco Wireless LAN Controller Software. Affected is an unknown function of the component Mesh Handler. The manipulation leads to improper authentication. This vulnerability is documented as CVE-2017-3854. It is possible to launch the attack on the physical device. There is not any exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability was found in Cisco Wireless LAN Controller Software (Wireless LAN Software) (affected version unknown) and classified as problematic. This issue affects an unknown functionality of the component Mesh Handler. The manipulation with an unknown input leads to a improper authentication vulnerability. Using CWE to declare the problem leads to CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system to disconnect from the correct parent access point and reconnect to a rogue access point owned by the attacker. An exploit could allow the attacker to control the traffic flowing through the impacted access point or take full control of the target system. This vulnerability affects the following products running a vulnerable version of Wireless LAN Controller software and configured for meshed mode: Cisco 8500 Series Wireless Controller, Cisco 5500 Series Wireless Controller, Cisco 2500 Series Wireless Controller, Cisco Flex 7500 Series Wireless Controller, Cisco Virtual Wireless Controller, Wireless Services Module 2 (WiSM2). Note that additional configuration is needed in addition to upgrading to a fixed release. Cisco Bug IDs: CSCuc98992 CSCuu14804.
The bug was discovered 03/15/2017. The weakness was released 03/15/2017 with Cisco as cisco-sa-20170315-wlc-mesh / CSCuu14804 as confirmed advisory (Website). The advisory is shared at tools.cisco.com. The public release was coordinated with Cisco. The identification of this vulnerability is CVE-2017-3854 since 12/21/2016. An attack has to be approached locally. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available.
The commercial vulnerability scanner Qualys is able to test this issue with plugin 316086 (Cisco Meshed Wireless LAN Controller Impersonation Vulnerability (cisco-sa-20170315-wlc-mesh)).
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the databases at SecurityFocus (BID 96911†) and SecurityTracker (ID 1038041†). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.6VulDB Meta Temp Score: 6.4
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: Yes
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
OpenVAS ID: 803167
OpenVAS Name: Cisco Meshed Wireless LAN Controller Impersonation Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
12/21/2016 🔍03/15/2017 🔍
03/15/2017 🔍
03/15/2017 🔍
03/15/2017 🔍
03/16/2017 🔍
12/25/2024 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20170315-wlc-mesh / CSCuu14804
Organization: Cisco
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2017-3854 (🔍)
GCVE (CVE): GCVE-0-2017-3854
GCVE (VulDB): GCVE-100-98141
SecurityFocus: 96911 - Cisco Wireless LAN Controller CVE-2017-3854 Remote Security Bypass Vulnerability
OSVDB: - CVE-2017-3854 - Cisco - Wireless LAN Controller - Spoofing Issue
SecurityTracker: 1038041
Entry
Created: 03/16/2017 13:33Updated: 12/25/2024 20:07
Changes: 03/16/2017 13:33 (72), 08/19/2020 14:19 (3), 12/25/2024 20:07 (17)
Complete: 🔍
Cache ID: 216:F4B:103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.