Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0163

A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701.

Published

2018-03-28T22:29:00.750

Last Modified

2024-11-21T03:37:38.443

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:N/I:P/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.5

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios	15.4\(3\)m6	Yes
Operating System	cisco	ios	15.4\(3\)m6a	Yes
Operating System	cisco	ios	15.4\(3\)m7	Yes
Operating System	cisco	ios	15.4\(3\)m7a	Yes
Operating System	cisco	ios	15.4\(3\)m8	Yes
Operating System	cisco	ios	15.4\(3.0i\)m6	Yes
Operating System	cisco	ios	15.5\(3\)m3	Yes
Operating System	cisco	ios	15.5\(3\)m4	Yes
Operating System	cisco	ios	15.5\(3\)m4a	Yes
Operating System	cisco	ios	15.5\(3\)m4b	Yes
Operating System	cisco	ios	15.5\(3\)m4c	Yes
Operating System	cisco	ios	15.5\(3\)m5	Yes
Operating System	cisco	ios	15.5\(3\)m5a	Yes
Operating System	cisco	ios	15.5\(3\)m6	Yes
Operating System	cisco	ios	15.5\(3\)m6a	Yes
Operating System	cisco	ios	15.6\(1\)t2	Yes
Operating System	cisco	ios	15.6\(1\)t3	Yes
Operating System	cisco	ios	15.6\(2\)t1	Yes
Operating System	cisco	ios	15.6\(2\)t2	Yes
Operating System	cisco	ios	15.6\(2\)t3	Yes
Operating System	cisco	ios	15.6\(3\)m	Yes
Operating System	cisco	ios	15.6\(3\)m0a	Yes
Operating System	cisco	ios	15.6\(3\)m1	Yes
Operating System	cisco	ios	15.6\(3\)m1a	Yes
Operating System	cisco	ios	15.6\(3\)m1b	Yes
Operating System	cisco	ios	15.6\(3\)m2	Yes
Operating System	cisco	ios	15.6\(3\)m2a	Yes
Operating System	cisco	ios	15.6\(3\)m3	Yes
Operating System	cisco	ios	15.6\(3\)m3a	Yes
Operating System	cisco	ios	15.7\(3\)m	Yes
Operating System	cisco	ios	15.7\(3\)m0a	Yes
Operating System	cisco	ios	15.7\(3\)m1	Yes
Operating System	cisco	ios	15.7\(3\)m2	Yes
Hardware	cisco	1120_connected_grid_router	-	No
Hardware	cisco	1240_connected_grid_router	-	No
Hardware	cisco	1905_serial_integrated_services_router	-	No
Hardware	cisco	1906c_integrated_services_router	-	No
Hardware	cisco	1921_integrated_services_router	-	No
Hardware	cisco	1941_integrated_services_router	-	No
Hardware	cisco	1941w_integrated_services_router	-	No
Hardware	cisco	2010_connected_grid_router	-	No
Hardware	cisco	2901_integrated_services_router	-	No
Hardware	cisco	2911_integrated_services_router	-	No
Hardware	cisco	2911a_integrated_services_router	-	No
Hardware	cisco	2921_integrated_services_router	-	No
Hardware	cisco	2951_integrated_services_router	-	No
Hardware	cisco	3925_integrated_services_router	-	No
Hardware	cisco	3925e_integrated_services_router	-	No
Hardware	cisco	3945_integrated_services_router	-	No
Hardware	cisco	3945e_integrated_services_router	-	No
Hardware	cisco	5915_embedded_service_router	-	No
Hardware	cisco	5921_embedded_services_router	-	No
Hardware	cisco	5940_embedded_services_router	-	No
Hardware	cisco	800_series_routers	-	No
Hardware	cisco	800m_integrated_services_router	-	No
Hardware	cisco	809_industrial_integrated_services_router	-	No
Hardware	cisco	812_3g_integrated_services_router	-	No
Hardware	cisco	812_cifi_integrated_services_router	-	No
Hardware	cisco	819_hardened_3g	-	No
Hardware	cisco	819_hardened_dual_radio_802.11n_wifi_integrated_services_router	-	No
Hardware	cisco	819_hardened_integrated_services_router	-	No
Hardware	cisco	819_integrated_services_router	-	No
Hardware	cisco	819_non-hardened_4g_lte_m2m	-	No
Hardware	cisco	819_non-hardened_secure_multi-mode_4g_lte_m2m_isr_router	-	No
Hardware	cisco	829_industrial_integrated_services_router	-	No
Hardware	cisco	860vae-w_integrated_services_router	-	No
Hardware	cisco	861_integrated_services_router	-	No
Hardware	cisco	861w_integrated_services_router	-	No
Hardware	cisco	866vae_integrated_services_router	-	No
Hardware	cisco	867vae_integrated_services_router	-	No
Hardware	cisco	880-voice_integrated_services_router	-	No
Hardware	cisco	881-cube_integrated_services_router	-	No
Hardware	cisco	881_3g	-	No
Hardware	cisco	881_3g_integrated_services_router	-	No
Hardware	cisco	881_secure_fast_ethernet	-	No
Hardware	cisco	881w_integrated_services_router	-	No
Hardware	cisco	886va-cube_integrated_services_router	-	No
Hardware	cisco	886va-w_integrated_services_router	-	No
Hardware	cisco	886va_integrated_services_router	-	No
Hardware	cisco	886vag_3g_integrated_services_router	-	No
Hardware	cisco	887_multi-mode_vdsl2\/asdl2\+_pots	-	No
Hardware	cisco	887va-cube_integrated_services_router	-	No
Hardware	cisco	887va-w_integrated_services_router	-	No
Hardware	cisco	887va_integrated_services_router	-	No
Hardware	cisco	887vag_3g_integrated_services_router	-	No
Hardware	cisco	887vagw_3g	-	No
Hardware	cisco	887vam-w_integrated_services_router	-	No
Hardware	cisco	887vamg_3g_integrated_services_router	-	No
Hardware	cisco	888-cube_integrated_services_router	-	No
Hardware	cisco	888_integrated_services_router	-	No
Hardware	cisco	888e-cube_integrated_services_router	-	No
Hardware	cisco	888e_integrated_services_router	-	No
Hardware	cisco	888eg_3g_integrated_services_router	-	No
Hardware	cisco	888w_integrated_services_router	-	No
Hardware	cisco	891-24x_integrated_services_router	-	No
Hardware	cisco	891_integrated_services_router	-	No
Hardware	cisco	891w_integrated_services_router	-	No
Hardware	cisco	892_integrated_services_router	-	No
Hardware	cisco	892f-cube_integrated_services_router	-	No
Hardware	cisco	892w_integrated_services_router	-	No
Hardware	cisco	896_multi-mode_vdsl2\/adsl2\+_isdn	-	No
Hardware	cisco	897_multi-mode_vdsl2\/adsl2\+_pots	-	No
Hardware	cisco	897_multi-mode_vdsl2\/adsl2\+_pots_annex_m	-	No
Hardware	cisco	898_secure_g.shdsl_efm\/atm	-	No
Hardware	cisco	c866vae_integrated_services_router	-	No
Hardware	cisco	c867vae_integrated_services_router	-	No
Hardware	cisco	c881_integrated_services_router	-	No
Hardware	cisco	c881w_integrated_services_router	-	No
Hardware	cisco	c886va_integrated_services_routers	-	No
Hardware	cisco	c886vaj_integrated_services_router	-	No
Hardware	cisco	c887va_integrated_services_routers	-	No
Hardware	cisco	c887vam_integrated_services_routers	-	No
Hardware	cisco	c888_integrated_services_router	-	No
Hardware	cisco	c888ea_integrated_services_router	-	No
Hardware	cisco	c891f_integrated_services_routers	-	No
Hardware	cisco	c891fw_integrated_services_router	-	No
Hardware	cisco	c892fsp_integrated_services_router	-	No
Hardware	cisco	c896va_integrated_services_router	-	No
Hardware	cisco	c897va-m_integrated_services_router	-	No
Hardware	cisco	c897va_integrated_services_router	-	No
Hardware	cisco	c897vam-w_integrated_services_router	-	No
Hardware	cisco	c897vaw_integrated_services_router	-	No
Hardware	cisco	c898ea_integrated_services_router	-	No
Hardware	cisco	c899_secure_gigabit_ethernet	-	No
Hardware	cisco	vg204xm_analog_voice_gateway	-	No
Hardware	cisco	vg350_analog_voice_gateway	-	No
Hardware	cisco	vg3x0_analog_voice_gateway	-	No
Hardware	rockwellautomation	stratix_5900	-	No

References

http://www.securityfocus.com/bid/103571 Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dot1x Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/103571 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dot1x Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)