CVE-2018-15372

Name of the Vulnerable Software and Affected Versions Cisco IOS XE (affected versions not specified)

Description The issue is related to a logic error in the MACsec Key Agreement (MKA) functionality of Cisco IOS XE Software, specifically when using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS). This error could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected device. The attacker could exploit this by connecting to and passing traffic through a Layer 3 interface, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the attacker to bypass 802.1x network access controls and gain access to the network.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.