VYPR
Unrated severity · NVD Advisory · Published May 2, 2018 · Updated Nov 29, 2024

CVE-2018-0247


Description

A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. A successful exploit could allow the attacker to bypass authentication and pass traffic. This affects Cisco Aironet Access Points running Cisco IOS Software and Cisco Wireless LAN Controller (WLC) releases prior to 8.5.110.0 for the following specific WLC configuration only: (1) The Access Point (AP) is configured in FlexConnect Mode with NAT. (2) The WLAN is configured for central switching, meaning the client is being assigned a unique IP address. (3) The AP is configured with a Split Tunnel access control list (ACL) for access to local network resources, meaning the AP is doing the NAT on the connection. (4) The client is using WebAuth. This vulnerability does not apply to .1x clients in the same configuration. Cisco Bug IDs: CSCvc79502, CSCvf71789.
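The affected configuration is a conjunction: a deployment is exposed only when the release is prior to 8.5.110.0 and all four numbered conditions hold. The following triage sketch is an added example, not Cisco's or this page's code. The `Deployment` record, its field names and the sample inventory are assumptions constructed for illustration; populate them from your own controller inventory.

```python
from dataclasses import dataclass

FIXED_RELEASE = (8, 5, 110, 0)  # releases prior to 8.5.110.0 are affected

def parse_release(text):
    """'8.5.110.0' -> (8, 5, 110, 0); numeric tuples sort correctly, strings do not."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four dotted fields, got {text!r}")
    return parts

@dataclass
class Deployment:              # hypothetical record: one AP group / WLAN pairing
    name: str
    wlc_release: str
    flexconnect_nat: bool      # (1) AP in FlexConnect mode with NAT
    central_switching: bool    # (2) WLAN configured for central switching
    split_tunnel_acl: bool     # (3) Split Tunnel ACL for local resources
    client_auth: str           # (4) "webauth" or "dot1x"

def unmet_conditions(d):
    """List every advisory condition this deployment does NOT meet."""
    checks = [
        (parse_release(d.wlc_release) < FIXED_RELEASE, "release is 8.5.110.0 or later"),
        (d.flexconnect_nat, "AP not in FlexConnect mode with NAT"),
        (d.central_switching, "WLAN not centrally switched"),
        (d.split_tunnel_acl, "no Split Tunnel ACL on the AP"),
        (d.client_auth.lower() == "webauth", "clients do not use WebAuth"),
    ]
    return [reason for met, reason in checks if not met]

def exposed(inventory):
    """Names of deployments that meet all conditions and need the upgrade."""
    return [d.name for d in inventory if not unmet_conditions(d)]

# Constructed sample inventory, not real device data.
INVENTORY = [
    Deployment("branch-guest", "8.5.103.0", True, True, True, "webauth"),
    Deployment("hq-guest", "8.10.105.0", True, True, True, "webauth"),
    Deployment("branch-corp", "8.5.103.0", True, True, True, "dot1x"),
    Deployment("lab-guest", "8.3.112.0", True, False, True, "webauth"),
]

if __name__ == "__main__":
    for d in INVENTORY:
        print(d.name, "EXPOSED" if not unmet_conditions(d) else unmet_conditions(d))
```

Releases are compared as integer tuples because a plain string comparison sorts `8.10.105.0` before `8.5.110.0` and would wrongly flag a fixed controller.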

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated adjacent attacker can bypass WebAuth authentication on Cisco WLC and Aironet APs in a specific FlexConnect configuration.

Vulnerability

The vulnerability resides in the Web Authentication (WebAuth) client implementation for Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software. It affects releases prior to 8.5.110.0. The bug is triggered only under a specific configuration: (1) the Access Point (AP) is in FlexConnect Mode with NAT, (2) the WLAN is configured for central switching (client assigned a unique IP), (3) the AP has a Split Tunnel ACL for local network access (AP performs NAT), and (4) the client uses WebAuth. This does not affect .1x clients in the same setup [1].

Exploitation

An attacker must be adjacent to the network and does not require authentication. By sending traffic to local network resources without completing WebAuth, the attacker can bypass the authentication process entirely [1].

Impact

Successful exploitation allows the attacker to bypass WebAuth authentication and pass traffic to local network resources, potentially gaining unauthorized access to internal systems and data [1].

Mitigation

Cisco has released fixed software version 8.5.110.0. No workarounds exist. Users should upgrade to a patched release. The vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) catalog as of publication [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
