PT-2018-1816 · Cisco · Cisco Small Business 100 Series Wireless Access Points+1

Published: 2018-08-15 · Updated: 2019-10-09 · CVE-2018-0412

CVSS v3.1: 5.3 (Medium)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Small Business 100 Series Wireless Access Points (affected versions not specified)
Cisco Small Business 300 Series Wireless Access Points (affected versions not specified)

Description

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information.

Recommendations

For Cisco Small Business 100 Series Wireless Access Points, consider disabling the EAPOL functionality until a patch is available. For Cisco Small Business 300 Series Wireless Access Points, restrict access to the EAPOL message exchange to minimize the risk of exploitation. As a temporary workaround, consider configuring the access points to only use the AES-CCMP cipher for encryption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2018-01416
CVE-2018-0412

Affected Products

Cisco Small Business 100 Series Wireless Access Points
Cisco Small Business 300 Series Wireless Access Points