Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (Router/Bridge/Hub)  >   Cisco Aironet Vendors:   Cisco
Cisco Aironet PEAP Default Setting Lets Remote Users Bypass Authentication on the Target System
SecurityTracker Alert ID:  1039725
SecurityTracker URL:
CVE Reference:   CVE-2017-12281   (Links to External Site)
Date:  Nov 2 2017
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1800, 2800, and 3800 Series
Description:   A vulnerability was reported in Cisco Aironet 1800, 2800, and 3800 Series Access Points. A remote user on the local network can bypass authentication.

A remote user on the local network can exploit an incorrect default configuration setting in the Protected Extensible Authentication Protocol (PEAP) implementation to bypass authentication and connect to the target system.

Systems that use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering are affected.

The vendor has assigned bug ID CSCvd46314 to this vulnerability.

Impact:   A remote user on the local network can connect to the target system.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Configuration error

Message History:   None.

 Source Message Contents



Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC