CVE-2017-12281

Name of the Vulnerable Software and Affected Versions Cisco Aironet 1800, 2800, and 3800 Series Access Points (affected versions not specified)

Description A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The issue exists due to an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this by attempting to connect to an affected device, potentially allowing them to bypass authentication and connect to the device. This issue affects devices running a vulnerable software release with specific WLAN configuration settings, including FlexConnect local switching and central authentication with MAC filtering.

Recommendations For Cisco Aironet 1800, 2800, and 3800 Series Access Points, update the software to a version that fixes the incorrect default configuration setting of fail open in standalone mode. At the moment, there is no information about a newer version that contains a fix for this vulnerability.