CVE-2019-1758
moderate-risk
Published 2019-03-28
A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network.
Do I need to act?
-
0.22% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10
Medium
ADJACENT_NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/107616
Third Party Advisory
http://www.securityfocus.com/bid/107616
45
/ 100
moderate-risk
Severity
16/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
28/34 · Critical