A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent malicious user to bypass authentication and pass traffic through a Layer 3 interface of an affected device. The vulnerability is due to a logic error in the affected software. An attacker could exploit this vulnerability by connecting to and passing traffic through a Layer 3 interface of an affected device, if the interface is configured for MACsec MKA using EAP-TLS and is running in access-session closed mode. A successful exploit could allow the malicious user to bypass 802.1x network access controls and gain access to the network.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco ios xe 16.8.1 |
||
cisco ios xe 16.9.1 |