CVE-2018-0277 — Improper Certificate Validation in Cisco Identity Services Engine

CWE-295 — Improper Certificate Validation4 documents4 sources

Severity

8.6HIGHNVD

EPSS

0.4%

top 39.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine

Timeline

PublishedMay 17

Latest updateMay 13

Description

A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incomplete input validation of the client EAP-TLS certificate. An attacker could exploit this vulnerability b…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

▶NVDcisco/identity_services_engine4 versions+3

🔴Vulnerability Details

GHSA

GHSA-7hf4-2cmf-xpcc: A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the↗2022-05-13

▶

CVEList

CVE-2018-0277: A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the↗2018-05-17

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability↗2018-05-16

▶