CVE-2018-0163
First published: Wed Mar 28 2018(Updated: )
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =15.4\(3\)m6 | |
| Cisco IOS | =15.4\(3\)m6a | |
| Cisco IOS | =15.4\(3\)m7 | |
| Cisco IOS | =15.4\(3\)m7a | |
| Cisco IOS | =15.4\(3\)m8 | |
| Cisco IOS | =15.4\(3.0i\)m6 | |
| Cisco IOS | =15.5\(3\)m3 | |
| Cisco IOS | =15.5\(3\)m4 | |
| Cisco IOS | =15.5\(3\)m4a | |
| Cisco IOS | =15.5\(3\)m4b | |
| Cisco IOS | =15.5\(3\)m4c | |
| Cisco IOS | =15.5\(3\)m5 | |
| Cisco IOS | =15.5\(3\)m5a | |
| Cisco IOS | =15.5\(3\)m6 | |
| Cisco IOS | =15.5\(3\)m6a | |
| Cisco IOS | =15.6\(1\)t2 | |
| Cisco IOS | =15.6\(1\)t3 | |
| Cisco IOS | =15.6\(2\)t1 | |
| Cisco IOS | =15.6\(2\)t2 | |
| Cisco IOS | =15.6\(2\)t3 | |
| Cisco IOS | =15.6\(3\)m | |
| Cisco IOS | =15.6\(3\)m0a | |
| Cisco IOS | =15.6\(3\)m1 | |
| Cisco IOS | =15.6\(3\)m1a | |
| Cisco IOS | =15.6\(3\)m1b | |
| Cisco IOS | =15.6\(3\)m2 | |
| Cisco IOS | =15.6\(3\)m2a | |
| Cisco IOS | =15.6\(3\)m3 | |
| Cisco IOS | =15.6\(3\)m3a | |
| Cisco IOS | =15.7\(3\)m | |
| Cisco IOS | =15.7\(3\)m0a | |
| Cisco IOS | =15.7\(3\)m1 | |
| Cisco IOS | =15.7\(3\)m2 | |
| Cisco Connected Grid Routers | ||
| Cisco Connected Grid Router | ||
| Cisco 1905 Serial Integrated Services Router | ||
| Cisco 1906c Integrated Services Router | ||
| Cisco 1921 Integrated Services Router | ||
| Cisco 1941w Integrated Services Router | ||
| Cisco 1941w Integrated Services Router | ||
| Cisco Connected Grid Router | ||
| Cisco 2901 Integrated Services Router | ||
| Cisco ISR (Integrated Services Router) | ||
| Cisco 2911 Integrated Services Router | ||
| Cisco 2921 Integrated Services Router | ||
| Cisco 2951 Integrated Services Router | ||
| Cisco 3925 Integrated Services Router | ||
| Cisco 3925E Integrated Services Router | ||
| Cisco 3945 Integrated Services Router | ||
| Cisco 3945e Integrated Services Router | ||
| Cisco 5915 Embedded Service Router | ||
| Cisco 5921 Embedded Services Router | ||
| Cisco 5940 Embedded Services Router | ||
| Cisco 8000 Series Routers | ||
| Cisco 800 Series Routers | ||
| Cisco 809 Industrial Integrated Services Router Firmware | ||
| Cisco 812 3G Integrated Services Router | ||
| Cisco 812 3G Integrated Services Router | ||
| Cisco 819 Hardened Integrated Services Router | ||
| Cisco 819 Hardened Integrated Services Router | ||
| Cisco 819 Hardened Dual Radio 802.11n WiFi Integrated Services Router | ||
| Cisco 819 Hardened Dual Radio 802.11n WiFi Integrated Services Router | ||
| Cisco 819 Non-Hardened Secure Multi-Mode 4G LTE M2M ISR Router | ||
| Cisco 819 non-hardened 4G LTE M2M | ||
| Cisco 829 Industrial Integrated Services Router Firmware | ||
| Cisco 860vae-w Integrated Services Router | ||
| Cisco 861w Integrated Services Router | ||
| Cisco 861 Integrated Services Router | ||
| Cisco c866vae integrated services router | ||
| Cisco 867 Integrated Services Router | ||
| Cisco 880-voice Integrated Services Router | ||
| Cisco 881-CUBE Integrated Services Router | ||
| Cisco 881 3G Integrated Services Router | ||
| Cisco c881w Integrated Services Router | ||
| Cisco 881 Secure Fast Ethernet | ||
| Cisco c881w Integrated Services Router | ||
| Cisco 886va-cube Integrated Services Router | ||
| Cisco c886vaj Integrated Services Router | ||
| Cisco 886va-w Integrated Services Router | ||
| Cisco 886vag 3g Integrated Services Router | ||
| Cisco 887 multi-mode VDSL2/ADSL2+ POTS | ||
| Cisco 887va-cube Integrated Services Router | ||
| Cisco c887va Integrated Services Router | ||
| Cisco 887va-cube Integrated Services Router | ||
| Cisco 887vagw 3G Integrated Services Router | ||
| Cisco 887vagw 3G Integrated Services Router | ||
| Cisco 887vam-w Integrated Services Router | ||
| Cisco 887vagw 3G Integrated Services Router | ||
| Cisco 888e-cube Integrated Services Router | ||
| Cisco 888e-cube Integrated Services Router | ||
| Cisco 888e-cube Integrated Services Router | ||
| Cisco 888e-cube Integrated Services Router | ||
| Cisco 888EG 3G Integrated Services Router | ||
| Cisco 888w Integrated Services Router | ||
| Cisco 891-24x Integrated Services Router | ||
| Cisco 891-24x Integrated Services Router | ||
| Cisco 891w Integrated Services Router | ||
| Cisco 892 Integrated Services Router | ||
| Cisco 892f-cube Integrated Services Router | ||
| Cisco 892w Integrated Services Router | ||
| Cisco 896 multi-mode VDSL2/ADSL2+ ISDN | ||
| Cisco 897 multi-mode vdsl2/adsl2+ pots | ||
| Cisco 897 Multi-Mode VDSL2/ADSL2+ POTS Annex M | ||
| Cisco 898 Secure G.SHDSL EFM/ATM | ||
| Cisco c866vae Integrated Services Router | ||
| Cisco 867 Integrated Services Router | ||
| Cisco 881-CUBE Integrated Services Router | ||
| Cisco 881 3G Integrated Services Router | ||
| Cisco 886va-w Integrated Services Router | ||
| Cisco c886vaj Integrated Services Router | ||
| Cisco 887va-cube Integrated Services Router | ||
| Cisco 887vamg 3g Integrated Services Router | ||
| Cisco 888 Integrated Services Router | ||
| Cisco c888 Integrated Services Router | ||
| Cisco C891F Integrated Services Router | ||
| Cisco 891w Integrated Services Router | ||
| Cisco 892w Integrated Services Router | ||
| Cisco c896va Integrated Services Router | ||
| Cisco c897va-m Integrated Services Router | ||
| Cisco c897va-m Integrated Services Router | ||
| Cisco c897vaw Integrated Services Router | ||
| Cisco c897vam-w Integrated Services Router | ||
| Cisco c898ea Integrated Services Router | ||
| Cisco C899 Secure Gigabit Ethernet | ||
| Cisco VG204XM Analog Voice Gateway | ||
| Cisco VG350 Analog Voice Gateway | ||
| Cisco VG350 Analog Voice Gateway | ||
| Rockwell Automation Allen-Bradley Stratix 5900 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-0163?
The severity of CVE-2018-0163 is considered high due to its potential to allow unauthenticated adjacent attackers to bypass authentication.
How do I fix CVE-2018-0163?
To fix CVE-2018-0163, upgrade your Cisco IOS Software to the latest recommended version as provided in Cisco's security advisory.
Which Cisco IOS versions are affected by CVE-2018-0163?
CVE-2018-0163 affects Cisco IOS versions 15.4(3)m6, 15.4(3)m7, 15.5(3)m3, 15.5(3)m4, 15.6(1)t2, 15.6(2)t1, and more.
What is the nature of the vulnerability in CVE-2018-0163?
The nature of the vulnerability in CVE-2018-0163 is a logic error introduced in the 802.1x multiple-authentication feature.
Can CVE-2018-0163 affect network security?
Yes, CVE-2018-0163 can significantly impact network security by allowing unauthorized access to network resources.
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/15.4\(3\)m6
- version/cisco ios/15.4\(3\)m6a
- version/cisco ios/15.4\(3\)m7
- version/cisco ios/15.4\(3\)m7a
- version/cisco ios/15.4\(3\)m8
- version/cisco ios/15.4\(3.0i\)m6
- version/cisco ios/15.5\(3\)m3
- version/cisco ios/15.5\(3\)m4
- version/cisco ios/15.5\(3\)m4a
- version/cisco ios/15.5\(3\)m4b
- version/cisco ios/15.5\(3\)m4c
- version/cisco ios/15.5\(3\)m5
- version/cisco ios/15.5\(3\)m5a
- version/cisco ios/15.5\(3\)m6
- version/cisco ios/15.5\(3\)m6a
- version/cisco ios/15.6\(1\)t2
- version/cisco ios/15.6\(1\)t3
- version/cisco ios/15.6\(2\)t1
- version/cisco ios/15.6\(2\)t2
- version/cisco ios/15.6\(2\)t3
- version/cisco ios/15.6\(3\)m
- version/cisco ios/15.6\(3\)m0a
- version/cisco ios/15.6\(3\)m1
- version/cisco ios/15.6\(3\)m1a
- version/cisco ios/15.6\(3\)m1b
- version/cisco ios/15.6\(3\)m2
- version/cisco ios/15.6\(3\)m2a
- version/cisco ios/15.6\(3\)m3
- version/cisco ios/15.6\(3\)m3a
- version/cisco ios/15.7\(3\)m
- version/cisco ios/15.7\(3\)m0a
- version/cisco ios/15.7\(3\)m1
- version/cisco ios/15.7\(3\)m2
- canonical/cisco connected grid routers
- canonical/cisco connected grid router
- canonical/cisco 1905 serial integrated services router
- canonical/cisco 1906c integrated services router
- canonical/cisco 1921 integrated services router
- canonical/cisco 1941w integrated services router
- canonical/cisco 2901 integrated services router
- canonical/cisco isr (integrated services router)
- canonical/cisco 2911 integrated services router
- canonical/cisco 2921 integrated services router
- canonical/cisco 2951 integrated services router
- canonical/cisco 3925 integrated services router
- canonical/cisco 3925e integrated services router
- canonical/cisco 3945 integrated services router
- canonical/cisco 3945e integrated services router
- canonical/cisco 5915 embedded service router
- canonical/cisco 5921 embedded services router
- canonical/cisco 5940 embedded services router
- canonical/cisco 8000 series routers
- canonical/cisco 800 series routers
- canonical/cisco 809 industrial integrated services router firmware
- canonical/cisco 812 3g integrated services router
- canonical/cisco 819 hardened integrated services router
- canonical/cisco 819 hardened dual radio 802.11n wifi integrated services router
- canonical/cisco 819 non-hardened secure multi-mode 4g lte m2m isr router
- canonical/cisco 819 non-hardened 4g lte m2m
- canonical/cisco 829 industrial integrated services router firmware
- canonical/cisco 860vae-w integrated services router
- canonical/cisco 861w integrated services router
- canonical/cisco 861 integrated services router
- canonical/cisco c866vae integrated services router
- canonical/cisco 867 integrated services router
- canonical/cisco 880-voice integrated services router
- canonical/cisco 881-cube integrated services router
- canonical/cisco 881 3g integrated services router
- canonical/cisco c881w integrated services router
- canonical/cisco 881 secure fast ethernet
- canonical/cisco 886va-cube integrated services router
- canonical/cisco c886vaj integrated services router
- canonical/cisco 886va-w integrated services router
- canonical/cisco 886vag 3g integrated services router
- canonical/cisco 887 multi-mode vdsl2/adsl2+ pots
- canonical/cisco 887va-cube integrated services router
- canonical/cisco c887va integrated services router
- canonical/cisco 887vagw 3g integrated services router
- canonical/cisco 887vam-w integrated services router
- canonical/cisco 888e-cube integrated services router
- canonical/cisco 888eg 3g integrated services router
- canonical/cisco 888w integrated services router
- canonical/cisco 891-24x integrated services router
- canonical/cisco 891w integrated services router
- canonical/cisco 892 integrated services router
- canonical/cisco 892f-cube integrated services router
- canonical/cisco 892w integrated services router
- canonical/cisco 896 multi-mode vdsl2/adsl2+ isdn
- canonical/cisco 897 multi-mode vdsl2/adsl2+ pots
- canonical/cisco 897 multi-mode vdsl2/adsl2+ pots annex m
- canonical/cisco 898 secure g.shdsl efm/atm
- canonical/cisco 887vamg 3g integrated services router
- canonical/cisco 888 integrated services router
- canonical/cisco c888 integrated services router
- canonical/cisco c891f integrated services router
- canonical/cisco c896va integrated services router
- canonical/cisco c897va-m integrated services router
- canonical/cisco c897vaw integrated services router
- canonical/cisco c897vam-w integrated services router
- canonical/cisco c898ea integrated services router
- canonical/cisco c899 secure gigabit ethernet
- canonical/cisco vg204xm analog voice gateway
- canonical/cisco vg350 analog voice gateway
- vendor/rockwellautomation
- canonical/rockwell automation allen-bradley stratix 5900