Published: 15/01/2016 Updated: 07/12/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote malicious users to obtain access via unspecified vectors, aka Bug ID CSCuw58062.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco aironet_access_point_software 7.4_base
cisco aironet_access_point_software 7.3_base
cisco aironet_access_point_software 8.1\\(112.4\\)
cisco aironet_access_point_software 8.1\\(112.3\\)
cisco aironet_access_point_software 7.2_base
cisco aironet_access_point_software 8.1\\(15.14\\)

A vulnerability in Cisco Aironet 1800 Series Access Point devices could allow an unauthenticated, remote attacker to log in to the device by using a default account that has a static password By default, the account does not have full administrative privileges The vulnerability is due to the presence of a default user account that is created whe ...

Cisco admins gear up for a late night – hardcoded password in wireless points nuked

The Register • Richard Chirgwin • 13 Jan 2016

Wi-Fi gear, WLAN controllers, ISE get security patches

Cisco sysadmins have a busy day ahead of them, with vulnerabilities announced in wireless LAN controllers, the Cisco Identity Services Engine, and Aironet access points. The Aironet 1800 series flaw, CVE-2015-6336, is that old favorite: a hardcoded static password granting access to the device. Luckily, the account with the hardwired credential doesn't have admin privilege, so Cisco reckons its exposure is limited to denial-of-service attacks. The access points that need updating are the 1830e, ...

CVE-2015-6336

Vulnerability Summary

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect