cnvd - cnvd-2018-17713

cnvd-2018-17713

Vulnerability from cnvd

Title: Cisco Small Business 100 Series和300 Series Wireless Access Points加密算法降级漏洞

Description:

Cisco Small Business 100 Series Wireless Access Points和Small Business 300 Series Wireless Access Points都是美国思科（Cisco）公司的不同系列的无线接入点产品，它提供高容量的无线局域网和访客接入服务等功能。

Cisco Small Business 100 Series Wireless Access Points和Small Business 300 Series Wireless Access Points中的Extensible Authentication Protocol over LAN (EAPOL)功能的实现存在加密问题漏洞，该漏洞源于在Wi-Fi握手进程中程序未能正确地处理接收到的EAPOL消息。攻击者可通过实施中间人攻击并操纵EAPOL信息的交换利用该漏洞使用户使用WPA-TKIP加密算法，泄露敏感信息。

Severity: 低

Patch Name: Cisco Small Business 100 Series和300 Series Wireless Access Points加密算法降级漏洞的补丁

Patch Description:

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj29229

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt

Impacted products

Name
['Cisco Small Business 100 Series Wireless Access PointsPoints', 'Cisco Small Business 300 Series Wireless Access Points']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0412"
    }
  },
  "description": "Cisco Small Business 100 Series Wireless Access Points\u548cSmall Business 300 Series Wireless Access Points\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u65e0\u7ebf\u63a5\u5165\u70b9\u4ea7\u54c1\uff0c\u5b83\u63d0\u4f9b\u9ad8\u5bb9\u91cf\u7684\u65e0\u7ebf\u5c40\u57df\u7f51\u548c\u8bbf\u5ba2\u63a5\u5165\u670d\u52a1\u7b49\u529f\u80fd\u3002\r\n\r\nCisco Small Business 100 Series Wireless Access Points\u548cSmall Business 300 Series Wireless Access Points\u4e2d\u7684Extensible Authentication Protocol over LAN (EAPOL)\u529f\u80fd\u7684\u5b9e\u73b0\u5b58\u5728\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728Wi-Fi\u63e1\u624b\u8fdb\u7a0b\u4e2d\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u5904\u7406\u63a5\u6536\u5230\u7684EAPOL\u6d88\u606f\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\u5e76\u64cd\u7eb5EAPOL\u4fe1\u606f\u7684\u4ea4\u6362\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u6237\u4f7f\u7528WPA-TKIP\u52a0\u5bc6\u7b97\u6cd5\uff0c\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj29229",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17713",
  "openTime": "2018-09-06",
  "patchDescription": "Cisco Small Business 100 Series Wireless Access Points\u548cSmall Business 300 Series Wireless Access Points\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u65e0\u7ebf\u63a5\u5165\u70b9\u4ea7\u54c1\uff0c\u5b83\u63d0\u4f9b\u9ad8\u5bb9\u91cf\u7684\u65e0\u7ebf\u5c40\u57df\u7f51\u548c\u8bbf\u5ba2\u63a5\u5165\u670d\u52a1\u7b49\u529f\u80fd\u3002\r\n\r\nCisco Small Business 100 Series Wireless Access Points\u548cSmall Business 300 Series Wireless Access Points\u4e2d\u7684Extensible Authentication Protocol over LAN (EAPOL)\u529f\u80fd\u7684\u5b9e\u73b0\u5b58\u5728\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728Wi-Fi\u63e1\u624b\u8fdb\u7a0b\u4e2d\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u5904\u7406\u63a5\u6536\u5230\u7684EAPOL\u6d88\u606f\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\u5e76\u64cd\u7eb5EAPOL\u4fe1\u606f\u7684\u4ea4\u6362\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u6237\u4f7f\u7528WPA-TKIP\u52a0\u5bc6\u7b97\u6cd5\uff0c\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Small Business 100 Series\u548c300 Series Wireless Access Points\u52a0\u5bc6\u7b97\u6cd5\u964d\u7ea7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Small Business 100 Series Wireless Access PointsPoints",
      "Cisco Small Business 300 Series Wireless Access Points"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt",
  "serverity": "\u4f4e",
  "submitTime": "2018-08-17",
  "title": "Cisco Small Business 100 Series\u548c300 Series Wireless Access Points\u52a0\u5bc6\u7b97\u6cd5\u964d\u7ea7\u6f0f\u6d1e"
}

CVE-2018-0412 (GCVE-0-2018-0412)

Vulnerability from cvelistv5

Published

2018-08-15 20:00

Modified

2024-11-26 14:47

Severity ?

CWE

CWE-310

Summary

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

Cisco Systems, Inc.

Small Business 100 Series Wireless Access Points

Version: unspecified

Cisco Systems, Inc.

Small Business 300 Series Wireless Access Points

Version: unspecified

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20180815 Cisco Small Business 100 Series and 300 Series Wireless Access Points Encryption Algorithm Downgrade Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0412",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:48:45.387371Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:47:53.377Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Small Business 100 Series Wireless Access Points",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Small Business 300 Series Wireless Access Points",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "datePublic": "2018-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "CWE-310",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-15T19:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20180815 Cisco Small Business 100 Series and 300 Series Wireless Access Points Encryption Algorithm Downgrade Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-08-15T00:00:00",
          "ID": "CVE-2018-0412",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Small Business 100 Series Wireless Access Points",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "unspecified"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Small Business 300 Series Wireless Access Points",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "unspecified"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180815 Cisco Small Business 100 Series and 300 Series Wireless Access Points Encryption Algorithm Downgrade Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0412",
    "datePublished": "2018-08-15T20:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-26T14:47:53.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted