Wednesday, September 26, 2018

Cisco IOS XE Software MACsec MKA Using EAP-TLS Authentication Bypass Vulnerability

A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device.

The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-macsec


Security Impact Rating: Medium
CVE: CVE-2018-15372

from Cisco Security Advisory https://ift.tt/2Oc7sZZ

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.