MACsec Key Agreement Vulnerability in Cisco IOS XE Software

MACsec Key Agreement Vulnerability in Cisco IOS XE Software

CVE-2018-15372 · MEDIUM Severity

AV:A/AC:L/AU:N/C:P/I:P/A:N

A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network.

Learn more about our Cis Benchmark Audit For Apple Ios.