HOMEVULNERABILITIESCVE-2018-0163
MEDIUM

CVE-2018-0163

CWE-287Published: March 28, 2018· Updated: Jun 17, 2026

6.5
CVSS v3.1

Official Description

A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701.

NVD Source

Technical Analysis

CVE-2018-0163 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in full integrity compromise (data manipulation), with a CVSS base score of 6.5.

From a weakness classification perspective (CWE-287): Authentication bypass vulnerabilities allow attackers to access protected resources without valid credentials.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorAdjacent
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityHigh
AvailabilityNone
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Vendors & Products

Cisco95 product(s)
ios1120 connected grid router1240 connected grid router1905 serial integrated services router1906c integrated services router1921 integrated services router1941 integrated services router1941w integrated services router2010 connected grid router2901 integrated services router2911 integrated services router2911a integrated services router+83
rockwellautomation1 product(s)
stratix 5900
Source: NVD CPE · 128 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (4)

Quick Facts

CVE IDCVE-2018-0163
CVSS Score6.5 / 10
SeverityMEDIUM
WeaknessCWE-287
CISA KEVNo
Affected2 vendor(s)
PublishedMar 28, 2018

Related CVEs (CWE-287)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2018-0163 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.