CVE-2016-9196
First published: Fri Apr 07 2017(Updated: )
A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1).
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Access Points | =8.1\(15.14\) | |
| Cisco Access Points | =8.1\(112.3\) | |
| Cisco Access Points | =8.1\(112.4\) | |
| Cisco Access Points | =8.1\(131.0\) | |
| Cisco Access Points | =8.2\(100.0\) | |
| Cisco Access Points | =8.2\(102.43\) | |
| Cisco Access Points | =8.2_base | |
| Cisco Aironet 1800 Firmware | ||
| Cisco Aironet 2800e Firmware | ||
| Cisco Aironet 2800 Firmware | ||
| Cisco Aironet 3800E Firmware | ||
| Cisco Aironet 3800 Firmware | ||
| Cisco Aironet 3800P Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-9196?
CVE-2016-9196 is rated as a high severity vulnerability due to its potential for allowing unauthorized root access.
How do I fix CVE-2016-9196?
To fix CVE-2016-9196, update Cisco Aironet 1800, 2800, or 3800 Series Access Points to the latest version recommended by Cisco.
Who is affected by CVE-2016-9196?
CVE-2016-9196 affects users of Cisco Aironet 1800, 2800, and 3800 Series Access Points running specific vulnerable software versions.
What impact does CVE-2016-9196 have?
The impact of CVE-2016-9196 is that an authenticated local attacker can gain unauthorized unrestricted root access to the Linux operating system.
Is CVE-2016-9196 exploitability possible?
Yes, CVE-2016-9196 is potentially exploitable by authenticated local attackers who can leverage the vulnerability for escalation of privileges.
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco access points
- version/cisco access points/8.1\(15.14\)
- version/cisco access points/8.1\(112.3\)
- version/cisco access points/8.1\(112.4\)
- version/cisco access points/8.1\(131.0\)
- version/cisco access points/8.2\(100.0\)
- version/cisco access points/8.2\(102.43\)
- version/cisco access points/8.2_base
- canonical/cisco aironet 1800 firmware
- canonical/cisco aironet 2800e firmware
- canonical/cisco aironet 2800 firmware
- canonical/cisco aironet 3800e firmware
- canonical/cisco aironet 3800 firmware
- canonical/cisco aironet 3800p firmware