Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Cisco has confirmed that the only vulnerable software version is 8.3.102.0. Cisco Bug IDs: CSCvb42386.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Cisco Aironet 1800、2800和3800 Series Access Points Plug-and-Play子系统安全漏洞
Vulnerability Description
Cisco Aironet 1800、2800和3800 Series Access Points都是美国思科(Cisco)公司的路由器接入设备。Plug-and-Play (PnP)是其中的一个即插即用服务的子系统。 Cisco Aironet 1800、2800和3800 Series Access Points 8.3.102.0版本中的PnP子系统存在任意代码执行漏洞,该漏洞源于程序没有充分的验证PnP服务器响应。物理位置临近的攻击者可利用该漏洞以root权限执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A