medium
4.7
CWE
287
Advisory Published
Updated

CVE-2018-0247

First published: Wed May 02 2018(Updated: )

A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. A successful exploit could allow the attacker to bypass authentication and pass traffic. This affects Cisco Aironet Access Points running Cisco IOS Software and Cisco Wireless LAN Controller (WLC) releases prior to 8.5.110.0 for the following specific WLC configuration only: (1) The Access Point (AP) is configured in FlexConnect Mode with NAT. (2) The WLAN is configured for central switching, meaning the client is being assigned a unique IP address. (3) The AP is configured with a Split Tunnel access control list (ACL) for access to local network resources, meaning the AP is doing the NAT on the connection. (4) The client is using WebAuth. This vulnerability does not apply to .1x clients in the same configuration. Cisco Bug IDs: CSCvc79502, CSCvf71789.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Wireless LAN Controller Software=8.3\(104.105\)
Cisco Aironet Access Point Software=8.3\(104.105\)
Cisco Aironet Access Point Software=8.5\(107.52\)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2018-0247?

    CVE-2018-0247 is a vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software.

  • How does CVE-2018-0247 impact Cisco Wireless LAN Controller Software?

    CVE-2018-0247 allows an unauthenticated, adjacent attacker to bypass authentication and pass traffic.

  • How does CVE-2018-0247 impact Cisco Aironet Access Point Software?

    CVE-2018-0247 allows an unauthenticated, adjacent attacker to bypass authentication and pass traffic.

  • What is the severity of CVE-2018-0247?

    CVE-2018-0247 has a severity rating of medium, with a CVSS score of 4.7.

  • How can I fix CVE-2018-0247?

    To fix CVE-2018-0247, Cisco has released software updates that address the vulnerability. Refer to the Cisco Security Advisory and apply the necessary updates.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203