CVE-2018-0412
Description
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An EAPOL message processing flaw in Cisco Small Business WAPs allows an unauthenticated, adjacent attacker to force WPA-TKIP cipher downgrade, enabling cryptographic attacks.
Vulnerability
The vulnerability resides in the Extensible Authentication Protocol over LAN (EAPOL) implementation of Cisco Small Business 100 Series and 300 Series Wireless Access Points. It stems from improper processing of certain EAPOL messages during the Wi-Fi handshake (4-way handshake). An attacker can manipulate the exchange to force the use of the weaker WPA-TKIP cipher instead of the more secure AES-CCMP cipher. All firmware versions prior to the fix are affected; details of specific releases are available via Cisco Bug ID CSCvj29229 [1].
Exploitation
An attacker must be in an adjacent network position (within radio range) and establish a man-in-the-middle (MITM) position between a supplicant (Wi-Fi client) and the authenticator (access point). No authentication or prior access to the network is required. The attacker then intercepts and modifies EAPOL messages during the 4-way handshake to negotiate the weaker WPA-TKIP cipher [1]. The victim must be connecting or reconnecting to the access point for the attack to succeed.
Impact
Successful exploitation forces a downgrade of the encryption algorithm to WPA-TKIP. This weakens the security of the wireless session and allows the attacker to conduct subsequent cryptographic attacks, such as dictionary or brute-force attacks on the TKIP key, potentially leading to the disclosure of confidential information transmitted over the Wi-Fi connection [1].
Mitigation
Cisco has released fixed software versions for affected products. For specific fixed release information, refer to Cisco Bug ID CSCvj29229 and the Cisco Security Advisory [1]. No workarounds are available. Users should upgrade to the latest firmware provided by Cisco for their respective access point model [1].
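A detection-side check for the downgrade described above, as an added example that is not part of the advisory or Cisco's code: it parses the standard 802.11 RSN information element (ID 48) and flags a session where the client's element selects TKIP as the pairwise cipher although the access point advertises CCMP. It assumes the elements have already been extracted from a capture (the access point's from a beacon, the client's from its association request or handshake message 2); the function names and sample bytes are constructed for illustration.

```python
import struct

RSN_OUI = b"\x00\x0f\xac"                      # IEEE 802.11 cipher suite OUI
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}

def _suite(selector: bytes) -> str:
    """Map a 4-byte suite selector (OUI + type) to a cipher name."""
    if selector[:3] != RSN_OUI:
        return "vendor:" + selector.hex()
    return CIPHERS.get(selector[3], f"unknown-{selector[3]}")

def parse_rsn_ie(ie: bytes) -> dict:
    """Return the group cipher and pairwise cipher list of an RSN element."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    if len(body) < 8:
        raise ValueError("RSN element lacks group cipher or pairwise count")
    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError(f"unsupported RSN version {version}")
    (count,) = struct.unpack_from("<H", body, 6)
    end = 8 + 4 * count
    if count == 0 or end > len(body):
        raise ValueError("pairwise cipher list is empty or truncated")
    pairwise = [_suite(body[i:i + 4]) for i in range(8, end, 4)]
    return {"group": _suite(body[2:6]), "pairwise": pairwise}

def tkip_downgrade(ap_ie: bytes, client_ie: bytes) -> bool:
    """True when the AP offers CCMP but the client's element selects only TKIP."""
    offered = parse_rsn_ie(ap_ie)["pairwise"]
    chosen = parse_rsn_ie(client_ie)["pairwise"]
    return "CCMP" in offered and "TKIP" in chosen and "CCMP" not in chosen

# Constructed sample elements (not taken from a real capture).
# AP in mixed mode: group TKIP, pairwise CCMP + TKIP, AKM PSK.
AP_IE = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04" "000fac02"
                      "0100" "000fac02" "0000")
# Client selecting CCMP (expected) and client selecting TKIP (suspicious).
CLIENT_CCMP = bytes.fromhex("3014" "0100" "000fac02" "0100" "000fac04"
                            "0100" "000fac02" "0000")
CLIENT_TKIP = bytes.fromhex("3014" "0100" "000fac02" "0100" "000fac02"
                            "0100" "000fac02" "0000")

if __name__ == "__main__":
    for name, ie in (("ccmp client", CLIENT_CCMP), ("tkip client", CLIENT_TKIP)):
        print(name, "-> downgrade suspected:", tkip_downgrade(AP_IE, ie))
```

A TKIP selection from a client that is known to support CCMP is the signal worth alerting on; legacy TKIP-only clients will also match and need an allow-list.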
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3 unspecified (+ 1 more)
- (no CPE) range: unspecified
- (no CPE) range: unspecified
Patches
No patches discovered yet.
References
1. tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt (mitre, vendor-advisory, x_refsource_CISCO)