Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability: CVE-2017-3834

Description: The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device.

Impact:  An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks.

Mitigation: Cisco has released software updates that addresses this vulnerability.

Reference URL’s:

Share