CVE-2018-0277
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incomplete input validation of the client EAP-TLS certificate. An attacker could exploit this vulnerability by initiating EAP authentication over TLS to the ISE with a crafted EAP-TLS certificate. A successful exploit could allow the attacker to restart the ISE application server, resulting in a DoS condition on the affected system. The ISE application could continue to restart while the client attempts to establish the EAP authentication connection. If an attacker attempted to import the same EAP-TLS certificate to the ISE trust store, it could trigger a DoS condition on the affected system. This exploit vector would require the attacker to have valid administrator credentials. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance. Cisco Bug IDs: CSCve31857.
Una vulnerabilidad en la validación de certificados Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) durante la autenticación EAP en Cisco Identity Services Engine (ISE) podría permitir que un atacante remoto no autenticado haga que el servidor de la aplicación ISE se reinicie de forma inesperada, provocando una denegación de servicio (DoS) en un sistema afectado. Esta vulnerabilidad se debe a la incompleta validación de entrada del certificado EAP-TLS del cliente. Un atacante podría explotar esta vulnerabilidad iniciando la autenticación EAP por TLS en el ISE con un certificado EAP-TLS manipulado. Su explotación con éxito podría permitir que el atacante reinicie el servidor de la aplicación ISE, provocando una denegación de servicio (DoS) en el sistema afectado. La aplicación ISE podría seguir reiniciándose mientras el cliente intenta establecer la conexión de autenticación EAP. Si un atacante intentase importar el mismo certificado EAP-TLS en el trust store de ISE, se desencadenaría una condición de denegación de servicio (DoS) en el sistema afectado. El vector de explotación requeriría que el atacante cuente con credenciales de administrador válidas. Esta vulnerabilidad afecta a Cisco ISE, Cisco ISE Express y Cisco ISE Virtual Appliance. Cisco Bug IDs: CSCve31857.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-27 CVE Reserved
- 2018-05-17 CVE Published
- 2023-11-16 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/104212 | Third Party Advisory | |
| http://www.securitytracker.com/id/1040922 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-iseeap | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.0\(0.306\) Search vendor "Cisco" for product "Identity Services Engine" and version "2.0\(0.306\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.0\(1.130\) Search vendor "Cisco" for product "Identity Services Engine" and version "2.0\(1.130\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.1\(0.474\) Search vendor "Cisco" for product "Identity Services Engine" and version "2.1\(0.474\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.2\(0.470\) Search vendor "Cisco" for product "Identity Services Engine" and version "2.2\(0.470\)" | - |
Affected
| ||||||