PT-2017-16153 · Cisco · Cisco Aironet 3800 Series Access Points

Published 2017-05-16 · Updated 2017-07-11 · CVE-2017-3873

CVSS v2.0: 7.9 (High)

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Aironet 1800, 2800, and 3800 Series Access Points version 8.3.102.0

Description

A vulnerability in the Plug-and-Play (PnP) subsystem could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges due to insufficient validation of PnP server responses. The PnP feature is active during the initial boot or after a factory reset. An attacker can exploit this by responding to PnP configuration requests with malicious responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is on the network, the attacker must exploit the issue before a valid PnP response is received. Successful exploitation allows the attacker to execute arbitrary code with root privileges on the device's underlying operating system.

Recommendations

For version 8.3.102.0, update to a fixed version to prevent exploitation of the PnP subsystem vulnerability. As a temporary workaround, consider disabling the PnP feature until a patch is available. Restrict access to the device during its initial boot or after a factory reset to minimize the risk of exploitation. Avoid using the device in an environment where an attacker could respond to PnP configuration requests until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-3873

Affected Products

Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco Application Policy Infrastructure Controller - Enterprise Module