CVE Vulnerabilities

CVE-2018-0163

Improper Authentication

Published: Mar 28, 2018 | Modified: Apr 28, 2021
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
3.3 LOW
AV:A/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Ios Cisco 15.4(3)m6 15.4(3)m6
Ios Cisco 15.4(3)m6a 15.4(3)m6a
Ios Cisco 15.4(3)m7 15.4(3)m7
Ios Cisco 15.4(3)m7a 15.4(3)m7a
Ios Cisco 15.4(3)m8 15.4(3)m8
Ios Cisco 15.4(3.0i)m6 15.4(3.0i)m6
Ios Cisco 15.5(3)m3 15.5(3)m3
Ios Cisco 15.5(3)m4 15.5(3)m4
Ios Cisco 15.5(3)m4a 15.5(3)m4a
Ios Cisco 15.5(3)m4b 15.5(3)m4b
Ios Cisco 15.5(3)m4c 15.5(3)m4c
Ios Cisco 15.5(3)m5 15.5(3)m5
Ios Cisco 15.5(3)m5a 15.5(3)m5a
Ios Cisco 15.5(3)m6 15.5(3)m6
Ios Cisco 15.5(3)m6a 15.5(3)m6a
Ios Cisco 15.6(1)t2 15.6(1)t2
Ios Cisco 15.6(1)t3 15.6(1)t3
Ios Cisco 15.6(2)t1 15.6(2)t1
Ios Cisco 15.6(2)t2 15.6(2)t2
Ios Cisco 15.6(2)t3 15.6(2)t3
Ios Cisco 15.6(3)m 15.6(3)m
Ios Cisco 15.6(3)m0a 15.6(3)m0a
Ios Cisco 15.6(3)m1 15.6(3)m1
Ios Cisco 15.6(3)m1a 15.6(3)m1a
Ios Cisco 15.6(3)m1b 15.6(3)m1b
Ios Cisco 15.6(3)m2 15.6(3)m2
Ios Cisco 15.6(3)m2a 15.6(3)m2a
Ios Cisco 15.6(3)m3 15.6(3)m3
Ios Cisco 15.6(3)m3a 15.6(3)m3a
Ios Cisco 15.7(3)m 15.7(3)m
Ios Cisco 15.7(3)m0a 15.7(3)m0a
Ios Cisco 15.7(3)m1 15.7(3)m1
Ios Cisco 15.7(3)m2 15.7(3)m2

Potential Mitigations

References