CVE-2019-1758 MEDIUM

CVE-2019-1758: Cisco IOS Software Catalyst 6500 Series 802.1x Authentication Bypass Vulnerability

Vendor Cisco
Product Cisco IOS Software
Weakness CWE-287 · Improper authentication
Published March 28, 2019
Last update November 21, 2024

CVSS base score

4.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network.

Key dates

02Disclosure timeline

March 28, 2019 CVE published
November 21, 2024 Record updated