CVE-2019-1758

28.03.2019, 01:29

A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.7 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
cisco	CNA	4.7 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 44%

Vendor	Product	Version
cisco	ios	12.2\(33\)sxj6
cisco	ios	12.2\(33\)sxj7
cisco	ios	12.2\(33\)sxj8
cisco	ios	12.2\(33\)sxj9
cisco	ios	12.2\(33\)sxj10
cisco	ios	12.2\(60\)ez12
cisco	ios	15.1\(1\)sy1
cisco	ios	15.1\(1\)sy2
cisco	ios	15.1\(1\)sy3
cisco	ios	15.1\(1\)sy4
cisco	ios	15.1\(1\)sy5
cisco	ios	15.1\(1\)sy6
cisco	ios	15.1\(2\)sg8a
cisco	ios	15.1\(2\)sy
cisco	ios	15.1\(2\)sy1
cisco	ios	15.1\(2\)sy2
cisco	ios	15.1\(2\)sy3
cisco	ios	15.1\(2\)sy4
cisco	ios	15.1\(2\)sy4a
cisco	ios	15.1\(2\)sy5
cisco	ios	15.1\(2\)sy6
cisco	ios	15.1\(2\)sy7
cisco	ios	15.1\(2\)sy8
cisco	ios	15.1\(2\)sy9
cisco	ios	15.1\(2\)sy10
cisco	ios	15.1\(2\)sy11
cisco	ios	15.1\(2\)sy12
cisco	ios	15.1\(2\)sy13
cisco	ios	15.1\(3\)svg3d
cisco	ios	15.1\(3\)svi1b
cisco	ios	15.1\(3\)svk4b
cisco	ios	15.1\(3\)svk4c
cisco	ios	15.1\(3\)svm3
cisco	ios	15.1\(3\)svn2
cisco	ios	15.1\(3\)svo1
cisco	ios	15.1\(3\)svo2
cisco	ios	15.1\(3\)svp1
cisco	ios	15.1\(3\)svp2
cisco	ios	15.1\(4\)m12c
cisco	ios	15.2\(1\)sy
cisco	ios	15.2\(1\)sy0a
cisco	ios	15.2\(1\)sy1
cisco	ios	15.2\(1\)sy1a
cisco	ios	15.2\(1\)sy2
cisco	ios	15.2\(1\)sy3
cisco	ios	15.2\(1\)sy4
cisco	ios	15.2\(1\)sy5
cisco	ios	15.2\(1\)sy6
cisco	ios	15.2\(1\)sy7
cisco	ios	15.2\(2\)sy
cisco	ios	15.2\(2\)sy1
cisco	ios	15.2\(2\)sy2
cisco	ios	15.2\(2\)sy3
cisco	ios	15.2\(3\)ea1
cisco	ios	15.2\(4\)jn1
cisco	ios	15.2\(4a\)ea5
cisco	ios	15.3\(0\)sy
cisco	ios	15.3\(1\)sy
cisco	ios	15.3\(1\)sy1
cisco	ios	15.3\(1\)sy2
cisco	ios	15.3\(3\)ja1n
cisco	ios	15.3\(3\)jf35
cisco	ios	15.3\(3\)ji2
cisco	ios	15.4\(1\)sy
cisco	ios	15.4\(1\)sy1
cisco	ios	15.4\(1\)sy2
cisco	ios	15.4\(1\)sy3
cisco	ios	15.4\(1\)sy4
cisco	ios	15.5\(1\)sy
cisco	ios	15.5\(1\)sy1
cisco	ios	15.5\(1\)sy2
cisco	ios	15.6\(2\)sp3b

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

http://www.securityfocus.com/bid/107616

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-c6500

http://www.securityfocus.com/bid/107616

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-c6500