CVE-2017-3834

Name of the Vulnerable Software and Affected Versions Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software versions prior to 8.2.111.0

Description The issue is related to the existence of default credentials in Cisco Mobility Express Software, which allows an unauthenticated, remote attacker to gain elevated privileges and take complete control of the device via Secure Shell (SSH). This affects devices configured as master, subordinate, or standalone access points.

Recommendations For versions prior to 8.2.111.0, update to Release 8.2.111.0 or later to resolve the issue. As a temporary workaround, consider disabling SSH access to the device until a patch is available. Restrict access to the device to minimize the risk of exploitation.