← back
CVE-2018-15372

Cisco IOS XE Software MACsec MKA Using EAP-TLS Authentication Bypass Vulnerability

EPSS 0.7%CWE-284
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
05 Oct 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →