CVE-2018-0250 : A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Poin

A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A successful exploit could allow the attacker to bypass a configured client FlexConnect ACL. This vulnerability affects the following Cisco products if they are running a vulnerable release of Central Web Authentication with FlexConnect Access Points Software: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: Central Web Authentication with FlexConnect Access Points was an unsupported configuration until 8.5.100.0. Cisco Bug IDs: CSCve17756.

Published 2018-05-02 22:29:01

Updated 2019-10-09 23:31:34

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2018-0250

Cisco » Aironet Access Point Software » Version: 8.4(100.0)
cpe:2.3:o:cisco:aironet_access_point_software:8.4\(100.0\):*:*:*:*:*:*:*
Matching versions
Cisco » Aironet Access Point Software » Version: 8.7(1.3)
cpe:2.3:o:cisco:aironet_access_point_software:8.7\(1.3\):*:*:*:*:*:*:*
Matching versions
Cisco » Aironet Access Point Software » Version: 8.2(160.0)
cpe:2.3:o:cisco:aironet_access_point_software:8.2\(160.0\):*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-0250

EPSS FAQ

0.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 47 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-0250

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.7	LOW	AV:A/AC:L/Au:S/C:N/I:P/A:N	5.1	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
4.1	MEDIUM	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N	2.3	1.4	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: None Integrity: Low Availability: None

CWE ids for CVE-2018-0250

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)

References for CVE-2018-0250

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl

Cisco Aironet Access Points Central Web Authentication FlexConnect Client ACL Bypass Vulnerability
Vendor Advisory
http://www.securitytracker.com/id/1040818

Cisco Aironet FlexConnect Access Points Central Web Authentication Flaw Lets Remote Authenticated Users Bypass ACLs on the Target System - SecurityTracker
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2018-0250

Products affected by CVE-2018-0250

Exploit prediction scoring system (EPSS) score for CVE-2018-0250

CVSS scores for CVE-2018-0250

CWE ids for CVE-2018-0250

References for CVE-2018-0250