CVE-2018-0412 (CNNVD-201808-460)
中文标题:
Cisco Small Business 100 Series Wireless Access Points和Small Business 300 Series Wireless Access Points 加密问题漏洞
英文标题:
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functio...
漏洞描述
中文描述:
Cisco Small Business 100 Series Wireless Access Points和Small Business 300 Series Wireless Access Points都是美国思科(Cisco)公司的不同系列的无线接入点产品,它提供高容量的无线局域网和访客接入服务等功能。 Cisco Small Business 100 Series Wireless Access Points和Small Business 300 Series Wireless Access Points中的Extensible Authentication Protocol over LAN (EAPOL)功能的实现存在加密问题漏洞,该漏洞源于在Wi-Fi握手进程中程序没有正确地处理接收到的EAPOL消息。攻击者可通过实施中间人攻击并操纵EAPOL信息的交换利用该漏洞使用户使用WPA-TKIP加密算法,泄露敏感信息。
英文描述:
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco Systems, Inc. | Small Business 100 Series Wireless Access Points | unspecified | - | - |
cpe:2.3:a:cisco_systems,_inc.:small_business_100_series_wireless_access_points:unspecified:*:*:*:*:*:*:*
|
| Cisco Systems, Inc. | Small Business 300 Series Wireless Access Points | unspecified | - | - |
cpe:2.3:a:cisco_systems,_inc.:small_business_300_series_wireless_access_points:unspecified:*:*:*:*:*:*:*
|
| cisco | wap121_firmware | * | - | - |
cpe:2.3:o:cisco:wap121_firmware:*:*:*:*:*:*:*:*
|
| cisco | wap125_firmware | * | - | - |
cpe:2.3:o:cisco:wap125_firmware:*:*:*:*:*:*:*:*
|
| cisco | wap131_firmware | * | - | - |
cpe:2.3:o:cisco:wap131_firmware:*:*:*:*:*:*:*:*
|
| cisco | wap150_firmware | * | - | - |
cpe:2.3:o:cisco:wap150_firmware:*:*:*:*:*:*:*:*
|
| cisco | wap321_firmware | * | - | - |
cpe:2.3:o:cisco:wap321_firmware:*:*:*:*:*:*:*:*
|
| cisco | wap351_firmware | * | - | - |
cpe:2.3:o:cisco:wap351_firmware:*:*:*:*:*:*:*:*
|
| cisco | wap361_firmware | * | - | - |
cpe:2.3:o:cisco:wap361_firmware:*:*:*:*:*:*:*:*
|
| cisco | wap371_firmware | * | - | - |
cpe:2.3:o:cisco:wap371_firmware:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2018-0412 |
2025-11-11 15:19:35 | 2025-11-11 07:34:57 |
| NVD | nvd_CVE-2018-0412 |
2025-11-11 14:55:57 | 2025-11-11 07:43:33 |
| CNNVD | cnnvd_CNNVD-201808-460 |
2025-11-11 15:10:04 | 2025-11-11 07:53:53 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 加密问题
- cnnvd_id: 未提取 -> CNNVD-201808-460
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 5.3
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 2 -> 10
- data_sources: ['cve'] -> ['cve', 'nvd']