CVE-2018-0163
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
28/03/2018
Last modified:
28/04/2021
Description
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
3.30
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:ios:15.4\(3\)m6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.4\(3\)m6a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.4\(3\)m7:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.4\(3\)m7a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.4\(3\)m8:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.4\(3.0i\)m6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.5\(3\)m3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.5\(3\)m4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.5\(3\)m4a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.5\(3\)m4b:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.5\(3\)m4c:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.5\(3\)m5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.5\(3\)m5a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.5\(3\)m6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios:15.5\(3\)m6a:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page