CVE-2018-0250

Name of the Vulnerable Software and Affected Versions: Cisco Aironet 1560 Series Access Points (affected versions not specified) Cisco Aironet 1810 Series OfficeExtend Access Points (affected versions not specified) Cisco Aironet 1810w Series Access Points (affected versions not specified) Cisco Aironet 1815 Series Access Points (affected versions not specified) Cisco Aironet 1830 Series Access Points (affected versions not specified) Cisco Aironet 1850 Series Access Points (affected versions not specified) Cisco Aironet 2800 Series Access Points (affected versions not specified) Cisco Aironet 3800 Series Access Points (affected versions not specified)

Description: A vulnerability in Central Web Authentication with FlexConnect Access Points could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The issue arises because the Access Point ignores the ACL download from the client during authentication. An attacker could exploit this by connecting to the targeted device with a vulnerable configuration, potentially allowing them to bypass the configured client FlexConnect ACL.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.