CVE-2016-9196
Description
A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Aironet 1800, 2800, 3800 APs: authenticated local attacker with root password can bypass shell controls to get unrestricted root Linux shell access.
Vulnerability
A login authentication management vulnerability in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms allows an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is normally reserved for advanced troubleshooting and should not be accessible to individual users, even those with root privileges. The issue arises due to incorrect management of user credentials during authentication. Affected releases include 8.2(121.0) and 8.3(102.0). Fixed releases are 8.4(1.53), 8.4(1.52), 8.3(111.0), 8.3(104.23), 8.2(130.0), and 8.2(124.1) [1].
Exploitation
An attacker must already possess the root password for the affected access point. With that credential, the attacker authenticates to the device and can then bypass the controls designed to restrict access to the root Linux shell. The exploit does not require network access beyond local console or SSH access [1]. No user interaction beyond the attacker's own actions is needed.
Impact
Successful exploitation gives the authenticated attacker unrestricted root shell access to the underlying Linux OS. This privilege escalation allows full control over the device, including the ability to execute arbitrary commands, install malicious software, and further compromise the network [1].
Mitigation
Cisco has released fixed software versions as listed above. There are no workarounds that address this vulnerability. Users should upgrade to a fixed release as indicated in the advisory [1]. The vulnerability is not listed on the Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
8cpe:2.3:o:cisco:aironet_access_point:8.1\(112.3\):*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:cisco:aironet_access_point:8.1\(112.3\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:aironet_access_point:8.1\(112.4\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:aironet_access_point:8.1\(131.0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:aironet_access_point:8.1\(15.14\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:aironet_access_point:8.2\(100.0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:aironet_access_point:8.2\(102.43\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:aironet_access_point:8.2_base:*:*:*:*:*:*:*
- (no CPE)range: 8.2(121.0), 8.3(102.0)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.securityfocus.com/bid/97468nvdThird Party AdvisoryVDB Entry
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironetnvdVendor Advisory
- www.securitytracker.com/id/1038187nvd
News mentions
0No linked articles in our index yet.