CVE-2018-0163 - Vulnerability Details

A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00251.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco Subscribe	1120 Connected Grid Router Subscribe 1240 Connected Grid Router Subscribe 1905 Serial Integrated Services Router Subscribe 1906c Integrated Services Router Subscribe 1921 Integrated Services Router Subscribe 1941 Integrated Services Router Subscribe 1941w Integrated Services Router Subscribe 2010 Connected Grid Router Subscribe 2901 Integrated Services Router Subscribe 2911 Integrated Services Router Subscribe 2911a Integrated Services Router Subscribe 2921 Integrated Services Router Subscribe 2951 Integrated Services Router Subscribe 3925 Integrated Services Router Subscribe 3925e Integrated Services Router Subscribe 3945 Integrated Services Router Subscribe 3945e Integrated Services Router Subscribe 5915 Embedded Service Router Subscribe 5921 Embedded Services Router Subscribe 5940 Embedded Services Router Subscribe 800 Series Routers Subscribe 800m Integrated Services Router Subscribe 809 Industrial Integrated Services Router Subscribe 812 3g Integrated Services Router Subscribe 812 Cifi Integrated Services Router Subscribe 819 Hardened 3g Subscribe 819 Hardened Dual Radio 802.11n Wifi Integrated Services Router Subscribe 819 Hardened Integrated Services Router Subscribe 819 Integrated Services Router Subscribe 819 Non-hardened 4g Lte M2m Subscribe 819 Non-hardened Secure Multi-mode 4g Lte M2m Isr Router Subscribe 829 Industrial Integrated Services Router Subscribe 860vae-w Integrated Services Router Subscribe 861 Integrated Services Router Subscribe 861w Integrated Services Router Subscribe 866vae Integrated Services Router Subscribe 867vae Integrated Services Router Subscribe 880-voice Integrated Services Router Subscribe 881-cube Integrated Services Router Subscribe 881 3g Subscribe 881 3g Integrated Services Router Subscribe 881 Secure Fast Ethernet Subscribe 881w Integrated Services Router Subscribe 886va-cube Integrated Services Router Subscribe 886va-w Integrated Services Router Subscribe 886va Integrated Services Router Subscribe 886vag 3g Integrated Services Router Subscribe 887 Multi-mode Vdsl2\/asdl2\+ Pots Subscribe 887va-cube Integrated Services Router Subscribe 887va-w Integrated Services Router Subscribe 887va Integrated Services Router Subscribe 887vag 3g Integrated Services Router Subscribe 887vagw 3g Subscribe 887vam-w Integrated Services Router Subscribe 887vamg 3g Integrated Services Router Subscribe 888-cube Integrated Services Router Subscribe 888 Integrated Services Router Subscribe 888e-cube Integrated Services Router Subscribe 888e Integrated Services Router Subscribe 888eg 3g Integrated Services Router Subscribe 888w Integrated Services Router Subscribe 891-24x Integrated Services Router Subscribe 891 Integrated Services Router Subscribe 891w Integrated Services Router Subscribe 892 Integrated Services Router Subscribe 892f-cube Integrated Services Router Subscribe 892w Integrated Services Router Subscribe 896 Multi-mode Vdsl2\/adsl2\+ Isdn Subscribe 897 Multi-mode Vdsl2\/adsl2\+ Pots Subscribe 897 Multi-mode Vdsl2\/adsl2\+ Pots Annex M Subscribe 898 Secure G.shdsl Efm\/atm Subscribe C866vae Integrated Services Router Subscribe C867vae Integrated Services Router Subscribe C881 Integrated Services Router Subscribe C881w Integrated Services Router Subscribe C886va Integrated Services Routers Subscribe C886vaj Integrated Services Router Subscribe C887va Integrated Services Routers Subscribe C887vam Integrated Services Routers Subscribe C888 Integrated Services Router Subscribe C888ea Integrated Services Router Subscribe C891f Integrated Services Routers Subscribe C891fw Integrated Services Router Subscribe C892fsp Integrated Services Router Subscribe C896va Integrated Services Router Subscribe C897va-m Integrated Services Router Subscribe C897va Integrated Services Router Subscribe C897vam-w Integrated Services Router Subscribe C897vaw Integrated Services Router Subscribe C898ea Integrated Services Router Subscribe C899 Secure Gigabit Ethernet Subscribe Ios Subscribe Vg204xm Analog Voice Gateway Subscribe Vg350 Analog Voice Gateway Subscribe Vg3x0 Analog Voice Gateway Subscribe
Rockwellautomation Subscribe	Stratix 5900 Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios:15.4\(3\)m6:::::::*
	cpe:2.3:o:cisco:ios:15.4\(3\)m6a:::::::*
	cpe:2.3:o:cisco:ios:15.4\(3\)m7:::::::*
	cpe:2.3:o:cisco:ios:15.4\(3\)m7a:::::::*
	cpe:2.3:o:cisco:ios:15.4\(3\)m8:::::::*
	cpe:2.3:o:cisco:ios:15.4\(3.0i\)m6:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)m3:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)m4:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)m4a:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)m4b:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)m4c:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)m5:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)m5a:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)m6:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)m6a:::::::*
	cpe:2.3:o:cisco:ios:15.6\(1\)t2:::::::*
	cpe:2.3:o:cisco:ios:15.6\(1\)t3:::::::*
	cpe:2.3:o:cisco:ios:15.6\(2\)t1:::::::*
	cpe:2.3:o:cisco:ios:15.6\(2\)t2:::::::*
	cpe:2.3:o:cisco:ios:15.6\(2\)t3:::::::*
	cpe:2.3:o:cisco:ios:15.6\(3\)m:::::::*
	cpe:2.3:o:cisco:ios:15.6\(3\)m0a:::::::*
	cpe:2.3:o:cisco:ios:15.6\(3\)m1:::::::*
	cpe:2.3:o:cisco:ios:15.6\(3\)m1a:::::::*
	cpe:2.3:o:cisco:ios:15.6\(3\)m1b:::::::*
	cpe:2.3:o:cisco:ios:15.6\(3\)m2:::::::*
	cpe:2.3:o:cisco:ios:15.6\(3\)m2a:::::::*
	cpe:2.3:o:cisco:ios:15.6\(3\)m3:::::::*
	cpe:2.3:o:cisco:ios:15.6\(3\)m3a:::::::*
	cpe:2.3:o:cisco:ios:15.7\(3\)m:::::::*
	cpe:2.3:o:cisco:ios:15.7\(3\)m0a:::::::*
	cpe:2.3:o:cisco:ios:15.7\(3\)m1:::::::*
	cpe:2.3:o:cisco:ios:15.7\(3\)m2:::::::*

OR	cpe:2.3:h:cisco:1120_connected_grid_router:-:::::::*
	cpe:2.3:h:cisco:1240_connected_grid_router:-:::::::*
	cpe:2.3:h:cisco:1905_serial_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1906c_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1921_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1941_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1941w_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:2010_connected_grid_router:-:::::::*
	cpe:2.3:h:cisco:2901_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:2911_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:2911a_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:2921_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:2951_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:3925_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:3925e_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:3945_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:3945e_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:5915_embedded_service_router:-:::::::*
	cpe:2.3:h:cisco:5921_embedded_services_router:-:::::::*
	cpe:2.3:h:cisco:5940_embedded_services_router:-:::::::*
	cpe:2.3:h:cisco:800_series_routers:-:::::::*
	cpe:2.3:h:cisco:800m_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:812_3g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:812_cifi_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:819_hardened_3g:-:::::::*
	cpe:2.3:h:cisco:819_hardened_dual_radio_802.11n_wifi_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:819_hardened_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:819_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:819_non-hardened_4g_lte_m2m:-:::::::*
	cpe:2.3:h:cisco:819_non-hardened_secure_multi-mode_4g_lte_m2m_isr_router:-:::::::*
	cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:860vae-w_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:861_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:861w_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:866vae_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:867vae_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:880-voice_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:881-cube_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:881_3g:-:::::::*
	cpe:2.3:h:cisco:881_3g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:881_secure_fast_ethernet:-:::::::*
	cpe:2.3:h:cisco:881w_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:886va-cube_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:886va-w_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:886va_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:886vag_3g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:887_multi-mode_vdsl2\/asdl2\+_pots:-:::::::*
	cpe:2.3:h:cisco:887va-cube_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:887va-w_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:887va_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:887vag_3g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:887vagw_3g:-:::::::*
	cpe:2.3:h:cisco:887vam-w_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:887vamg_3g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:888-cube_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:888_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:888e-cube_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:888e_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:888eg_3g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:888w_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:891-24x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:891_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:891w_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:892_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:892f-cube_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:892w_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:896_multi-mode_vdsl2\/adsl2\+_isdn:-:::::::*
cpe:2.3:h:cisco:897_multi-mode_vdsl2\/adsl2\+_pots:-:::::::*
cpe:2.3:h:cisco:897_multi-mode_vdsl2\/adsl2\+_pots_annex_m:-:::::::*
cpe:2.3:h:cisco:898_secure_g.shdsl_efm\/atm:-:::::::*
cpe:2.3:h:cisco:c866vae_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c867vae_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c881_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c881w_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c886va_integrated_services_routers:-:::::::*
cpe:2.3:h:cisco:c886vaj_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c887va_integrated_services_routers:-:::::::*
cpe:2.3:h:cisco:c887vam_integrated_services_routers:-:::::::*
cpe:2.3:h:cisco:c888_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c888ea_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c891f_integrated_services_routers:-:::::::*
cpe:2.3:h:cisco:c891fw_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c892fsp_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c896va_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c897va-m_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c897va_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c897vam-w_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c897vaw_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c898ea_integrated_services_router:-:::::::*
cpe:2.3:h:cisco:c899_secure_gigabit_ethernet:-:::::::*
cpe:2.3:h:cisco:vg204xm_analog_voice_gateway:-:::::::*
cpe:2.3:h:cisco:vg350_analog_voice_gateway:-:::::::*
cpe:2.3:h:cisco:vg3x0_analog_voice_gateway:-:::::::*
cpe:2.3:h:rockwellautomation:stratix_5900:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2018-0986	A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/103571
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dot1x

History

Mon, 02 Dec 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-03-28T22:00:00

Updated: 2024-12-02T20:54:54.828Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0163

Vulnrichment

Updated: 2024-08-05T03:14:16.957Z

NVD

Status : Modified

Published: 2018-03-28T22:29:00.750

Modified: 2024-11-21T03:37:38.443

Link: CVE-2018-0163

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-287

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object