Sign-up

ID

VAR-201808-0298


CVE

CVE-2018-0412


TITLE

Cisco Small Business 100 Series and Small Business 300 Cryptographic vulnerability in Series Wireless Access Point

Trust: 0.8

sources: JVNDB: JVNDB-2018-009199

DESCRIPTION

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229. Vendors have confirmed this vulnerability Bug ID CSCvj29229 It is released as.Information may be tampered with

Trust: 2.34

sources: NVD: CVE-2018-0412 // JVNDB: JVNDB-2018-009199 // CNVD: CNVD-2018-17713 // VULHUB: VHN-118614 // VULMON: CVE-2018-0412

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-17713

AFFECTED PRODUCTS

vendor:ciscomodel:wap121scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap131scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap150scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap361scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap125scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap321scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap371scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap351scope:lteversion:1.0.6.6

Trust: 1.0

vendor:ciscomodel:wap121scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap125scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap131scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap150scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap321scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap351scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap361scope: - version: -

Trust: 0.8

vendor:ciscomodel:wap371scope: - version: -

Trust: 0.8

vendor:ciscomodel:small business series wireless access pointspointsscope:eqversion:100

Trust: 0.6

vendor:ciscomodel:small business series wireless access pointsscope:eqversion:300

Trust: 0.6

vendor:ciscomodel:wap125scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap121scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap131scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap361scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap150scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap371scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap351scope:eqversion:1.0.6.6

Trust: 0.6

vendor:ciscomodel:wap321scope:eqversion:1.0.6.6

Trust: 0.6

sources: CNVD: CNVD-2018-17713 // JVNDB: JVNDB-2018-009199 // CNNVD: CNNVD-201808-460 // NVD: CVE-2018-0412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0412
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0412
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-17713
value: LOW

Trust: 0.6

CNNVD: CNNVD-201808-460
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118614
value: LOW

Trust: 0.1

VULMON: CVE-2018-0412
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-0412
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-17713
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118614
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0412
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-17713 // VULHUB: VHN-118614 // VULMON: CVE-2018-0412 // JVNDB: JVNDB-2018-009199 // CNNVD: CNNVD-201808-460 // NVD: CVE-2018-0412

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118614 // JVNDB: JVNDB-2018-009199 // NVD: CVE-2018-0412

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201808-460

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201808-460

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009199

PATCH
title:cisco-sa-20180815-sb-wap-encrypturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt
Trust: 0.8
title:Patch for CiscoSmallBusiness100Series and 300Series WirelessAccessPoints Encryption Algorithm Downgrade Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/139609
Trust: 0.6
title:Cisco Small Business 100 Series Wireless Access Points  and Small Business 300 Series Wireless Access Points Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83760
Trust: 0.6
title:Cisco: Cisco Small Business 100 Series and 300 Series Wireless Access Points Encryption Algorithm Downgrade Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180815-sb-wap-encrypt
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-17713 // 
            
            
            
            VULMON: CVE-2018-0412 // 
            
            
            
            JVNDB: JVNDB-2018-009199 // 
            
            
            
            CNNVD: CNNVD-201808-460

EXTERNAL IDS
db:NVDid:CVE-2018-0412
Trust: 3.2
db:JVNDBid:JVNDB-2018-009199
Trust: 0.8
db:CNNVDid:CNNVD-201808-460
Trust: 0.7
db:CNVDid:CNVD-2018-17713
Trust: 0.6
db:VULHUBid:VHN-118614
Trust: 0.1
db:VULMONid:CVE-2018-0412
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-17713 // 
            
            
            
            VULHUB: VHN-118614 // 
            
            
            
            VULMON: CVE-2018-0412 // 
            
            
            
            JVNDB: JVNDB-2018-009199 // 
            
            
            
            CNNVD: CNNVD-201808-460 // 
            
            
            
            NVD: CVE-2018-0412

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180815-sb-wap-encrypt
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0412
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0412
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-17713 // 
            
            
            
            VULHUB: VHN-118614 // 
            
            
            
            VULMON: CVE-2018-0412 // 
            
            
            
            JVNDB: JVNDB-2018-009199 // 
            
            
            
            CNNVD: CNNVD-201808-460 // 
            
            
            
            NVD: CVE-2018-0412

SOURCES
db:CNVDid:CNVD-2018-17713
db:VULHUBid:VHN-118614
db:VULMONid:CVE-2018-0412
db:JVNDBid:JVNDB-2018-009199
db:CNNVDid:CNNVD-201808-460
db:NVDid:CVE-2018-0412

LAST UPDATE DATE
2024-11-23T23:02:02.519000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-17713date:2018-09-06T00:00:00
db:VULHUBid:VHN-118614date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-0412date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-009199date:2018-11-12T00:00:00
db:CNNVDid:CNNVD-201808-460date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0412date:2024-11-21T03:38:10.520

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-17713date:2018-09-06T00:00:00
db:VULHUBid:VHN-118614date:2018-08-15T00:00:00
db:VULMONid:CVE-2018-0412date:2018-08-15T00:00:00
db:JVNDBid:JVNDB-2018-009199date:2018-11-12T00:00:00
db:CNNVDid:CNNVD-201808-460date:2018-08-16T00:00:00
db:NVDid:CVE-2018-0412date:2018-08-15T20:29:00.767