cnvd - cnvd-2018-14568

CNVD-2018-14568

Vulnerability from cnvd - Published: 2018-08-02

Title

多款Cisco设备Central Web Authentication ACL绕过漏洞

Description

Cisco Aironet 1560 Series Access Points等都是美国思科（Cisco）公司的不同系列的无线接入点设备。Central Web Authentication（CWA）with FlexConnect Access Points（APs）是其中的一个使用无线接入点配置中央Web身份验证的组件。多款Cisco产品中的使用APs的CWA存在安全漏洞。攻击者可通过连接目标设备利用该漏洞绕过已配置的FlexConnect访问列表限制。

Severity

低

Patch Name

多款Cisco设备Central Web Authentication ACL绕过漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-0250

Impacted products

Name
['Cisco Aironet 3800 Series Access Point', 'Cisco Aironet 2800 Series Access Points', 'Cisco Aironet 1560 Series Access Points', 'Cisco Aironet 1810 Series OfficeExtend Access Points', 'Cisco Aironet 1810w Series Access Points', 'Cisco Aironet 1815 Series Access Points', 'Cisco Aironet 1830 Series Access Points', 'Cisco Aironet 1850 Series Access Points']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0250",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2018-0250"
    }
  },
  "description": "Cisco Aironet 1560 Series Access Points\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u65e0\u7ebf\u63a5\u5165\u70b9\u8bbe\u5907\u3002Central Web Authentication\uff08CWA\uff09with FlexConnect Access Points\uff08APs\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4f7f\u7528\u65e0\u7ebf\u63a5\u5165\u70b9\u914d\u7f6e\u4e2d\u592eWeb\u8eab\u4efd\u9a8c\u8bc1\u7684\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684\u4f7f\u7528APs\u7684CWA\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fde\u63a5\u76ee\u6807\u8bbe\u5907\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5df2\u914d\u7f6e\u7684FlexConnect\u8bbf\u95ee\u5217\u8868\u9650\u5236\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-14568",
  "openTime": "2018-08-02",
  "patchDescription": "Cisco Aironet 1560 Series Access Points\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u65e0\u7ebf\u63a5\u5165\u70b9\u8bbe\u5907\u3002Central Web Authentication\uff08CWA\uff09with FlexConnect Access Points\uff08APs\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4f7f\u7528\u65e0\u7ebf\u63a5\u5165\u70b9\u914d\u7f6e\u4e2d\u592eWeb\u8eab\u4efd\u9a8c\u8bc1\u7684\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684\u4f7f\u7528APs\u7684CWA\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fde\u63a5\u76ee\u6807\u8bbe\u5907\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5df2\u914d\u7f6e\u7684FlexConnect\u8bbf\u95ee\u5217\u8868\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eCisco\u8bbe\u5907Central Web Authentication ACL\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Aironet 3800 Series Access Point",
      "Cisco Aironet 2800 Series Access Points",
      "Cisco Aironet 1560 Series Access Points",
      "Cisco Aironet 1810 Series OfficeExtend Access Points",
      "Cisco Aironet 1810w Series Access Points",
      "Cisco Aironet 1815 Series Access Points",
      "Cisco Aironet 1830 Series Access Points",
      "Cisco Aironet 1850 Series Access Points"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0250",
  "serverity": "\u4f4e",
  "submitTime": "2018-06-13",
  "title": "\u591a\u6b3eCisco\u8bbe\u5907Central Web Authentication ACL\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-0250 (GCVE-0-2018-0250)

Vulnerability from cvelistv5 – Published: 2018-05-02 22:00 – Updated: 2024-11-29 15:13

Summary

A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A successful exploit could allow the attacker to bypass a configured client FlexConnect ACL. This vulnerability affects the following Cisco products if they are running a vulnerable release of Central Web Authentication with FlexConnect Access Points Software: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: Central Web Authentication with FlexConnect Access Points was an unsupported configuration until 8.5.100.0. Cisco Bug IDs: CSCve17756.

Severity ?

No CVSS data available.

CWE

CWE-693

Assigner

cisco

References

URL

Tags

	http://www.securitytracker.com/id/1040818	vdb-entryx_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Aironet Access Points	Affected: Cisco Aironet Access Points

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:14.402Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040818",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040818"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0250",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:38:12.474869Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:13:00.370Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Aironet Access Points",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Aironet Access Points"
            }
          ]
        }
      ],
      "datePublic": "2018-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A successful exploit could allow the attacker to bypass a configured client FlexConnect ACL. This vulnerability affects the following Cisco products if they are running a vulnerable release of Central Web Authentication with FlexConnect Access Points Software: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: Central Web Authentication with FlexConnect Access Points was an unsupported configuration until 8.5.100.0. Cisco Bug IDs: CSCve17756."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-04T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1040818",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040818"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Aironet Access Points",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Aironet Access Points"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A successful exploit could allow the attacker to bypass a configured client FlexConnect ACL. This vulnerability affects the following Cisco products if they are running a vulnerable release of Central Web Authentication with FlexConnect Access Points Software: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: Central Web Authentication with FlexConnect Access Points was an unsupported configuration until 8.5.100.0. Cisco Bug IDs: CSCve17756."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-693"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040818",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040818"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0250",
    "datePublished": "2018-05-02T22:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:13:00.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-14568

CVE-2018-0250 (GCVE-0-2018-0250)

Tags

Sightings

Nomenclature