A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:N/I:P/A:N
Vendors Products
Cisco
  • C881w Integrated Services Router
  • 2911a Integrated Services Router
  • 5915 Embedded Service Router
  • Ios
  • C888ea Integrated Services Router
  • 819 Integrated Services Router
  • 866vae Integrated Services Router
  • C886va Integrated Services Routers
  • 881 3g Integrated Services Router
  • 888eg 3g Integrated Services Router
  • C891fw Integrated Services Router
  • 886va-cube Integrated Services Router
  • 887vam-w Integrated Services Router
  • C887vam Integrated Services Routers
  • C896va Integrated Services Router
  • 887va-cube Integrated Services Router
  • 886va Integrated Services Router
  • 800m Integrated Services Router
  • 888e-cube Integrated Services Router
  • 2911 Integrated Services Router
  • C897vam-w Integrated Services Router
  • 886va-w Integrated Services Router
  • 891-24x Integrated Services Router
  • C892fsp Integrated Services Router
  • 819 Hardened Dual Radio 802.11n Wifi Integrated Services Router
  • 819 Hardened Integrated Services Router
  • 887va-w Integrated Services Router
  • 2901 Integrated Services Router
  • 809 Industrial Integrated Services Router
  • Vg204xm Analog Voice Gateway
  • 3925e Integrated Services Router
  • 887 Multi-mode Vdsl2\/asdl2\+ Pots
  • 892f-cube Integrated Services Router
  • 812 Cifi Integrated Services Router
  • 819 Non-hardened 4g Lte M2m
  • C881 Integrated Services Router
  • 887vamg 3g Integrated Services Router
  • 1941w Integrated Services Router
  • 819 Non-hardened Secure Multi-mode 4g Lte M2m Isr Router
  • 897 Multi-mode Vdsl2\/adsl2\+ Pots
  • C897va Integrated Services Router
  • 829 Industrial Integrated Services Router
  • C891f Integrated Services Routers
  • 892 Integrated Services Router
  • 5921 Embedded Services Router
  • C897va-m Integrated Services Router
  • 881w Integrated Services Router
  • Vg3x0 Analog Voice Gateway
  • 2010 Connected Grid Router
  • 800 Series Routers
  • 888e Integrated Services Router
  • 891w Integrated Services Router
  • 1921 Integrated Services Router
  • 1906c Integrated Services Router
  • 812 3g Integrated Services Router
  • 881 3g
  • 1905 Serial Integrated Services Router
  • 887va Integrated Services Router
  • 819 Hardened 3g
  • 3945e Integrated Services Router
  • 888-cube Integrated Services Router
  • 861 Integrated Services Router
  • C887va Integrated Services Routers
  • 880-voice Integrated Services Router
  • 3925 Integrated Services Router
  • 1941 Integrated Services Router
  • 886vag 3g Integrated Services Router
  • 2951 Integrated Services Router
  • 892w Integrated Services Router
  • 887vag 3g Integrated Services Router
  • 5940 Embedded Services Router
  • 860vae-w Integrated Services Router
  • C888 Integrated Services Router
  • 2921 Integrated Services Router
  • 881-cube Integrated Services Router
  • 887vagw 3g
  • 891 Integrated Services Router
  • C886vaj Integrated Services Router
  • C867vae Integrated Services Router
  • 898 Secure G.shdsl Efm\/atm
  • 3945 Integrated Services Router
  • Vg350 Analog Voice Gateway
  • 1240 Connected Grid Router
  • 888 Integrated Services Router
  • 861w Integrated Services Router
  • C897vaw Integrated Services Router
  • 896 Multi-mode Vdsl2\/adsl2\+ Isdn
  • 881 Secure Fast Ethernet
  • C866vae Integrated Services Router
  • 888w Integrated Services Router
  • 897 Multi-mode Vdsl2\/adsl2\+ Pots Annex M
  • C898ea Integrated Services Router
  • C899 Secure Gigabit Ethernet
  • 1120 Connected Grid Router
  • 867vae Integrated Services Router
Rockwellautomation
  • Stratix 5900

Configuration 1 [-]

AND
OR cpe:2.3:o:cisco:ios:15.4\(3\)m6:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.4\(3\)m6a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.4\(3\)m7:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.4\(3\)m7a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.4\(3\)m8:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.4\(3.0i\)m6:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.5\(3\)m3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.5\(3\)m4:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.5\(3\)m4a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.5\(3\)m4b:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.5\(3\)m4c:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.5\(3\)m5:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.5\(3\)m5a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.5\(3\)m6:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.5\(3\)m6a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(1\)t2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(1\)t3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(2\)t1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(2\)t2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(2\)t3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(3\)m:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(3\)m0a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(3\)m1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(3\)m1a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(3\)m1b:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(3\)m2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(3\)m2a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(3\)m3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(3\)m3a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.7\(3\)m:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.7\(3\)m0a:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.7\(3\)m1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.7\(3\)m2:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:1120_connected_grid_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1240_connected_grid_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1905_serial_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1906c_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1921_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1941_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1941w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2010_connected_grid_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2901_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2911_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2911a_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2921_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:2951_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:3925_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:3925e_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:3945_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:3945e_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:5915_embedded_service_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:5921_embedded_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:5940_embedded_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:800_series_routers:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:800m_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:812_3g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:812_cifi_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:819_hardened_3g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:819_hardened_dual_radio_802.11n_wifi_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:819_hardened_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:819_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:819_non-hardened_4g_lte_m2m:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:819_non-hardened_secure_multi-mode_4g_lte_m2m_isr_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:860vae-w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:861_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:861w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:866vae_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:867vae_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:880-voice_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:881-cube_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:881_3g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:881_3g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:881_secure_fast_ethernet:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:881w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:886va-cube_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:886va-w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:886va_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:886vag_3g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:887_multi-mode_vdsl2\/asdl2\+_pots:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:887va-cube_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:887va-w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:887va_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:887vag_3g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:887vagw_3g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:887vam-w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:887vamg_3g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:888-cube_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:888_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:888e-cube_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:888e_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:888eg_3g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:888w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:891-24x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:891_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:891w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:892_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:892f-cube_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:892w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:896_multi-mode_vdsl2\/adsl2\+_isdn:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:897_multi-mode_vdsl2\/adsl2\+_pots:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:897_multi-mode_vdsl2\/adsl2\+_pots_annex_m:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:898_secure_g.shdsl_efm\/atm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c866vae_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c867vae_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c881_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c881w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c886va_integrated_services_routers:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c886vaj_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c887va_integrated_services_routers:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c887vam_integrated_services_routers:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c888_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c888ea_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c891f_integrated_services_routers:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c891fw_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c892fsp_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c896va_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c897va-m_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c897va_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c897vam-w_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c897vaw_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c898ea_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:c899_secure_gigabit_ethernet:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vg204xm_analog_voice_gateway:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vg350_analog_voice_gateway:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vg3x0_analog_voice_gateway:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:stratix_5900:-:*:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/103571 Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dot1x Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2018-03-28T22:00:00

Updated: 2018-04-03T09:57:01

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0163

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-03-28T22:29:00.750

Modified: 2021-04-28T22:38:37.293

Link: CVE-2018-0163

JSON object: View

cve-icon Redhat Information

No data.

CWE