Vulnerability-Lookup

BDU:2019-01392

Vulnerability from fstec - Published: 27.03.2019

Title

Уязвимость реализации стандарта 802.1X операционной системы Cisco IOS, позволяющая нарушителю получить доступ к сети

Description

Уязвимость реализации стандарта 802.1X операционной системы Cisco IOS связана с недостатками процедуры аутентификации. Эксплуатация уязвимости может позволить нарушителю получить доступ к сети

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Vendor

Cisco Systems Inc.

Software Name

Cisco IOS

Software Version

15.1(4)M12c (Cisco IOS), 15.1(2)SG8a (Cisco IOS), 15.1(1)SY1 (Cisco IOS), 15.1(2)SY (Cisco IOS), 15.1(2)SY1 (Cisco IOS), 15.1(2)SY2 (Cisco IOS), 15.1(1)SY2 (Cisco IOS), 15.1(1)SY3 (Cisco IOS), 15.1(2)SY3 (Cisco IOS), 15.1(1)SY4 (Cisco IOS), 15.1(2)SY4 (Cisco IOS), 15.1(1)SY5 (Cisco IOS), 15.1(1)SY6 (Cisco IOS), 15.1(2)SY6 (Cisco IOS), 15.1(2)SY7 (Cisco IOS), 15.1(2)SY8 (Cisco IOS), 15.1(2)SY9 (Cisco IOS), 15.1(2)SY10 (Cisco IOS), 15.1(2)SY11 (Cisco IOS), 15.2(1)SY (Cisco IOS), 15.2(1)SY1 (Cisco IOS), 15.2(1)SY0a (Cisco IOS), 15.2(1)SY2 (Cisco IOS), 15.2(2)SY (Cisco IOS), 15.2(1)SY1a (Cisco IOS), 15.2(2)SY1 (Cisco IOS), 15.2(2)SY2 (Cisco IOS), 15.2(1)SY3 (Cisco IOS), 15.2(1)SY4 (Cisco IOS), 15.2(2)SY3 (Cisco IOS), 15.2(1)SY5 (Cisco IOS), 15.3(1)SY (Cisco IOS), 15.3(1)SY1 (Cisco IOS), 15.3(1)SY2 (Cisco IOS), 15.6(2)SP3b (Cisco IOS), 15.4(1)SY (Cisco IOS), 15.4(1)SY1 (Cisco IOS), 15.4(1)SY2 (Cisco IOS), 15.5(1)SY (Cisco IOS), 15.1(3)SVG3d (Cisco IOS), 15.2(3)EA1 (Cisco IOS), 15.2(4a)EA5 (Cisco IOS), 15.1(3)SVI1b (Cisco IOS), 15.3(3)JF35 (Cisco IOS), 15.1(3)SVM3 (Cisco IOS), 15.1(3)SVN2 (Cisco IOS), 15.1(3)SVO1 (Cisco IOS), 15.1(3)SVO2 (Cisco IOS), 15.3(3)JI2 (Cisco IOS), 15.1(3)SVP1 (Cisco IOS), 15.3(3)JA1n (Cisco IOS), 15.1(3)SVK4b (Cisco IOS), 15.1(3)SVK4c (Cisco IOS), 15.2(4)JN1 (Cisco IOS), 12.2(60)EZ12 (Cisco IOS), 12.2(33)SXJ6 (Cisco IOS), 12.2(33)SXJ7 (Cisco IOS), 12.2(33)SXJ8 (Cisco IOS), 12.2(33)SXJ9 (Cisco IOS), 12.2(33)SXJ10 (Cisco IOS), 15.1(2)SY12 (Cisco IOS), 15.1(2)SY13 (Cisco IOS), 15.2(1)SY6 (Cisco IOS), 15.2(1)SY7 (Cisco IOS), 15.3(0)SY (Cisco IOS), 15.4(1)SY4 (Cisco IOS), 15.5(1)SY1 (Cisco IOS), 15.5(1)SY2 (Cisco IOS), 15.1(3)SVP2 (Cisco IOS)

Possible Mitigations

Использование рекомендаций: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-c6500

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-c6500 https://www.securityfocus.com/bid/107616

CWE

CWE-287

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.1(4)M12c (Cisco IOS), 15.1(2)SG8a (Cisco IOS), 15.1(1)SY1 (Cisco IOS), 15.1(2)SY (Cisco IOS), 15.1(2)SY1 (Cisco IOS), 15.1(2)SY2 (Cisco IOS), 15.1(1)SY2 (Cisco IOS), 15.1(1)SY3 (Cisco IOS), 15.1(2)SY3 (Cisco IOS), 15.1(1)SY4 (Cisco IOS), 15.1(2)SY4 (Cisco IOS), 15.1(1)SY5 (Cisco IOS), 15.1(1)SY6 (Cisco IOS), 15.1(2)SY6 (Cisco IOS), 15.1(2)SY7 (Cisco IOS), 15.1(2)SY8 (Cisco IOS), 15.1(2)SY9 (Cisco IOS), 15.1(2)SY10 (Cisco IOS), 15.1(2)SY11 (Cisco IOS), 15.2(1)SY (Cisco IOS), 15.2(1)SY1 (Cisco IOS), 15.2(1)SY0a (Cisco IOS), 15.2(1)SY2 (Cisco IOS), 15.2(2)SY (Cisco IOS), 15.2(1)SY1a (Cisco IOS), 15.2(2)SY1 (Cisco IOS), 15.2(2)SY2 (Cisco IOS), 15.2(1)SY3 (Cisco IOS), 15.2(1)SY4 (Cisco IOS), 15.2(2)SY3 (Cisco IOS), 15.2(1)SY5 (Cisco IOS), 15.3(1)SY (Cisco IOS), 15.3(1)SY1 (Cisco IOS), 15.3(1)SY2 (Cisco IOS), 15.6(2)SP3b (Cisco IOS), 15.4(1)SY (Cisco IOS), 15.4(1)SY1 (Cisco IOS), 15.4(1)SY2 (Cisco IOS), 15.5(1)SY (Cisco IOS), 15.1(3)SVG3d (Cisco IOS), 15.2(3)EA1 (Cisco IOS), 15.2(4a)EA5 (Cisco IOS), 15.1(3)SVI1b (Cisco IOS), 15.3(3)JF35 (Cisco IOS), 15.1(3)SVM3 (Cisco IOS), 15.1(3)SVN2 (Cisco IOS), 15.1(3)SVO1 (Cisco IOS), 15.1(3)SVO2 (Cisco IOS), 15.3(3)JI2 (Cisco IOS), 15.1(3)SVP1 (Cisco IOS), 15.3(3)JA1n (Cisco IOS), 15.1(3)SVK4b (Cisco IOS), 15.1(3)SVK4c (Cisco IOS), 15.2(4)JN1 (Cisco IOS), 12.2(60)EZ12 (Cisco IOS), 12.2(33)SXJ6 (Cisco IOS), 12.2(33)SXJ7 (Cisco IOS), 12.2(33)SXJ8 (Cisco IOS), 12.2(33)SXJ9 (Cisco IOS), 12.2(33)SXJ10 (Cisco IOS), 15.1(2)SY12 (Cisco IOS), 15.1(2)SY13 (Cisco IOS), 15.2(1)SY6 (Cisco IOS), 15.2(1)SY7 (Cisco IOS), 15.3(0)SY (Cisco IOS), 15.4(1)SY4 (Cisco IOS), 15.5(1)SY1 (Cisco IOS), 15.5(1)SY2 (Cisco IOS), 15.1(3)SVP2 (Cisco IOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-c6500",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.03.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.04.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01392",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-1758",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. - - Cisco Catalyst 6500",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0430 802.1X \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f (CWE-287)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0430 802.1X \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-c6500\nhttps://www.securityfocus.com/bid/107616",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-287",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,7)"
}

CVE-2019-1758 (GCVE-0-2019-1758)

Vulnerability from cvelistv5 – Published: 2019-03-28 00:20 – Updated: 2024-11-21 19:41

Title

Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability

Summary

A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network.

Severity ?

4.7 (Medium)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE

CWE-287

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/107616	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS Software	Affected: 12.2(60)EZ12

Date Public ?

2019-03-27 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.825Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190327 Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-c6500"
          },
          {
            "name": "107616",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107616"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1758",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T18:59:48.593791Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:41:33.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.2(60)EZ12"
            }
          ]
        }
      ],
      "datePublic": "2019-03-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-29T07:06:06.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190327 Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-c6500"
        },
        {
          "name": "107616",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107616"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190327-c6500",
        "defect": [
          [
            "CSCvk25074"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-03-27T16:00:00-0700",
          "ID": "CVE-2019-1758",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "12.2(60)EZ12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.7",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190327 Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-c6500"
            },
            {
              "name": "107616",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107616"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190327-c6500",
          "defect": [
            [
              "CSCvk25074"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1758",
    "datePublished": "2019-03-28T00:20:14.474Z",
    "dateReserved": "2018-12-06T00:00:00.000Z",
    "dateUpdated": "2024-11-21T19:41:33.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-01392

CVE-2019-1758 (GCVE-0-2019-1758)

Tags

Sightings

Nomenclature