// For flags

CVE-2018-0277

 

Severity Score

8.6
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incomplete input validation of the client EAP-TLS certificate. An attacker could exploit this vulnerability by initiating EAP authentication over TLS to the ISE with a crafted EAP-TLS certificate. A successful exploit could allow the attacker to restart the ISE application server, resulting in a DoS condition on the affected system. The ISE application could continue to restart while the client attempts to establish the EAP authentication connection. If an attacker attempted to import the same EAP-TLS certificate to the ISE trust store, it could trigger a DoS condition on the affected system. This exploit vector would require the attacker to have valid administrator credentials. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance. Cisco Bug IDs: CSCve31857.

Una vulnerabilidad en la validación de certificados Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) durante la autenticación EAP en Cisco Identity Services Engine (ISE) podría permitir que un atacante remoto no autenticado haga que el servidor de la aplicación ISE se reinicie de forma inesperada, provocando una denegación de servicio (DoS) en un sistema afectado. Esta vulnerabilidad se debe a la incompleta validación de entrada del certificado EAP-TLS del cliente. Un atacante podría explotar esta vulnerabilidad iniciando la autenticación EAP por TLS en el ISE con un certificado EAP-TLS manipulado. Su explotación con éxito podría permitir que el atacante reinicie el servidor de la aplicación ISE, provocando una denegación de servicio (DoS) en el sistema afectado. La aplicación ISE podría seguir reiniciándose mientras el cliente intenta establecer la conexión de autenticación EAP. Si un atacante intentase importar el mismo certificado EAP-TLS en el trust store de ISE, se desencadenaría una condición de denegación de servicio (DoS) en el sistema afectado. El vector de explotación requeriría que el atacante cuente con credenciales de administrador válidas. Esta vulnerabilidad afecta a Cisco ISE, Cisco ISE Express y Cisco ISE Virtual Appliance. Cisco Bug IDs: CSCve31857.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-27 CVE Reserved
  • 2018-05-17 CVE Published
  • 2023-11-16 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-295: Improper Certificate Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.0\(0.306\)
Search vendor "Cisco" for product "Identity Services Engine" and version "2.0\(0.306\)"
-
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.0\(1.130\)
Search vendor "Cisco" for product "Identity Services Engine" and version "2.0\(1.130\)"
-
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.1\(0.474\)
Search vendor "Cisco" for product "Identity Services Engine" and version "2.1\(0.474\)"
-
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.2\(0.470\)
Search vendor "Cisco" for product "Identity Services Engine" and version "2.2\(0.470\)"
-
Affected