How severe is CVE-2018-0412?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2018-0412?

This is classified as CWE-310, which is a common weakness in software security.

CVE-2018-0412

MEDIUM Year: 2018

CVSS v3 Score

5.3

Medium

CVSS v2 Score

2.9

Low

Weakness Type

CWE-310

View all →

Vulnerability Description

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229.

CVE-2011-4461

MEDIUM

CVSS:5.3(Medium)

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service ...

CWE-3102011

CVE-2013-5391

MEDIUM

CVSS:5.3(Medium)

IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and...

CWE-3102013

CVE-2016-1000339

MEDIUM

CVSS:5.3(Medium)

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if t...

CWE-3102016

CVE-2016-10099

MEDIUM

CVSS:5.3(Medium)

Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.

CWE-3102016

CVE-2016-1948

MEDIUM

CVSS:5.3(Medium)

Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modif...

CWE-3102016

CVE-2016-9346

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.

CWE-3102016

CVE-2018-0412

Vulnerability Description

Related Vulnerabilities

CVE-2011-4461

CVE-2013-5391

CVE-2016-1000339

CVE-2016-10099

CVE-2016-1948

CVE-2016-9346