
VULNERABILITY IN CISCO AIRONET 1800, 2800 AND 3800 SERIES DEVICES

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: CIS


Cisco Security Advisory: Cisco Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20180502-aironet-ssh

Revision: 1.0

For Public Release: 2018 May 2 16:00 GMT

Last Updated: 2018 May 2 16:00 GMT

CVE ID(s): CVE-2018-0226

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affected access point.

The vulnerability exists because the Cisco Mobility Express controller of the affected software configures the default SSH user account for an access point to be the first SSH user account that was created for the Mobility Express controller, if an administrator added user accounts directly to the controller instead of using the default configuration or the SSH username creation wizard. Although the user account has read-only privileges for the Mobility Express controller, the account could have administrative privileges for an associated access point. An attacker who has valid user credentials for an affected controller could exploit this vulnerability by using the default SSH user account to authenticate to an affected access point via SSH. A successful exploit could allow the attacker to log in to the affected access point with administrative privileges and perform arbitrary administrative actions.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-ssh

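The privilege mismatch described in the summary can be checked by comparing controller accounts with the SSH logins configured on each access point. The following is an added example, not code from Cisco or from this advisory; the `ControllerAccount` type, the `audit_ap_ssh_accounts` function, the role labels and the sample inventory are all hypothetical and would be filled from your own configuration records.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ControllerAccount:
    username: str
    role: str           # privilege on the controller: "read-only" or "read-write"
    created_order: int  # 1 = first account created on the controller


def audit_ap_ssh_accounts(controller_accounts, ap_ssh_users):
    """Flag APs whose SSH login is also a read-only controller account.

    ap_ssh_users maps AP name -> SSH username configured on that AP.
    """
    accounts = list(controller_accounts)
    by_name = {a.username: a for a in accounts}
    first = min(accounts, key=lambda a: a.created_order, default=None)
    findings = []
    for ap, ssh_user in sorted(ap_ssh_users.items()):
        acct = by_name.get(ssh_user)
        if acct is None or acct.role != "read-only":
            continue  # login is not shared with a low-privilege controller user
        findings.append({
            "ap": ap,
            "username": acct.username,
            # True when the account is the first one created on the controller,
            # which is the case the advisory describes
            "matches_first_created": acct == first,
        })
    return findings


# Constructed sample inventory (hypothetical names, not real device output).
SAMPLE_ACCOUNTS = [
    ControllerAccount("noc-view", "read-only", 1),
    ControllerAccount("wifi-admin", "read-write", 2),
    ControllerAccount("helpdesk", "read-only", 3),
]
SAMPLE_AP_SSH = {
    "ap-lobby": "noc-view",
    "ap-floor2": "wifi-admin",
    "ap-lab": "helpdesk",
}

if __name__ == "__main__":
    for finding in audit_ap_ssh_accounts(SAMPLE_ACCOUNTS, SAMPLE_AP_SSH):
        print(finding)
```

A finding means a user with read-only rights on the controller holds credentials that an access point accepts over SSH; the advisory's remedy is the fixed software release.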

Author: Petar Bertok
CERT ID: NCERT-REF-2018-05-0001-ADV
CVE: CERT-CVE-DUMMY
Original ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe