History: Sep 26, 2018 - 12:00 a.m.

CVE-2018-15372 Cisco IOS XE Software MACsec MKA Using EAP-TLS Authentication Bypass Vulnerability

2018-09-26 00:00:00
CWE-284
cisco
www.cve.org

AI Score: 8.4 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 29.2%)

A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network.

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
