A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. This vulnerability affects Cisco Mobility Express 1800 Series Access Points running a software version prior to 8.2.110.0. Cisco Bug IDs: CSCuy68219.
Conclusion & alert: CVE-2017-3831 is rated High Risk (71.9/100): CVSS Critical severity, with high exploitation likelihood (EPSS 5.27%, 91th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 4.60% | 5.27% | +0.68% |
| 2 | 2026-04-30 | 6.12% | 4.60% | -1.52% |
| 3 | 2025-03-30 | — | 6.12% | — |
Full EPSS history (8 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.8 | 3.0 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
| 10.0 | 2.0 | HIGH |
|
10.0 | 10.0 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| cisco | aironet_access_point_software | 8.1\(15.14\) | cpe:2.3:o:cisco:aironet_access_point_software:8.1\(15.14\):*:*:*:*:*:*:* |
| cisco | aironet_access_point_software | 8.1\(112.3\) | cpe:2.3:o:cisco:aironet_access_point_software:8.1\(112.3\):*:*:*:*:*:*:* |
| cisco | aironet_access_point_software | 8.1\(112.4\) | cpe:2.3:o:cisco:aironet_access_point_software:8.1\(112.4\):*:*:*:*:*:*:* |
| cisco | aironet_access_point_software | 8.1\(131.0\) | cpe:2.3:o:cisco:aironet_access_point_software:8.1\(131.0\):*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96909 | Third Party Advisory VDB Entry |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800 | Vendor Advisory |