4.7

CVE-2019-1758

A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An attacker could exploit this vulnerability by attempting to connect to the network on an 802.1x configured port. A successful exploit could allow the attacker to intermittently obtain access to the network.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIos Version12.2(33)sxj6
CiscoIos Version12.2(33)sxj7
CiscoIos Version12.2(33)sxj8
CiscoIos Version12.2(33)sxj9
CiscoIos Version12.2(33)sxj10
CiscoIos Version12.2(60)ez12
CiscoIos Version15.1(1)sy1
CiscoIos Version15.1(1)sy2
CiscoIos Version15.1(1)sy3
CiscoIos Version15.1(1)sy4
CiscoIos Version15.1(1)sy5
CiscoIos Version15.1(1)sy6
CiscoIos Version15.1(2)sg8a
CiscoIos Version15.1(2)sy
CiscoIos Version15.1(2)sy1
CiscoIos Version15.1(2)sy2
CiscoIos Version15.1(2)sy3
CiscoIos Version15.1(2)sy4
CiscoIos Version15.1(2)sy4a
CiscoIos Version15.1(2)sy5
CiscoIos Version15.1(2)sy6
CiscoIos Version15.1(2)sy7
CiscoIos Version15.1(2)sy8
CiscoIos Version15.1(2)sy9
CiscoIos Version15.1(2)sy10
CiscoIos Version15.1(2)sy11
CiscoIos Version15.1(2)sy12
CiscoIos Version15.1(2)sy13
CiscoIos Version15.1(3)svg3d
CiscoIos Version15.1(3)svi1b
CiscoIos Version15.1(3)svk4b
CiscoIos Version15.1(3)svk4c
CiscoIos Version15.1(3)svm3
CiscoIos Version15.1(3)svn2
CiscoIos Version15.1(3)svo1
CiscoIos Version15.1(3)svo2
CiscoIos Version15.1(3)svp1
CiscoIos Version15.1(3)svp2
CiscoIos Version15.1(4)m12c
CiscoIos Version15.2(1)sy
CiscoIos Version15.2(1)sy0a
CiscoIos Version15.2(1)sy1
CiscoIos Version15.2(1)sy1a
CiscoIos Version15.2(1)sy2
CiscoIos Version15.2(1)sy3
CiscoIos Version15.2(1)sy4
CiscoIos Version15.2(1)sy5
CiscoIos Version15.2(1)sy6
CiscoIos Version15.2(1)sy7
CiscoIos Version15.2(2)sy
CiscoIos Version15.2(2)sy1
CiscoIos Version15.2(2)sy2
CiscoIos Version15.2(2)sy3
CiscoIos Version15.2(3)ea1
CiscoIos Version15.2(4)jn1
CiscoIos Version15.2(4a)ea5
CiscoIos Version15.3(0)sy
CiscoIos Version15.3(1)sy
CiscoIos Version15.3(1)sy1
CiscoIos Version15.3(1)sy2
CiscoIos Version15.3(3)ja1n
CiscoIos Version15.3(3)jf35
CiscoIos Version15.3(3)ji2
CiscoIos Version15.4(1)sy
CiscoIos Version15.4(1)sy1
CiscoIos Version15.4(1)sy2
CiscoIos Version15.4(1)sy3
CiscoIos Version15.4(1)sy4
CiscoIos Version15.5(1)sy
CiscoIos Version15.5(1)sy1
CiscoIos Version15.5(1)sy2
CiscoIos Version15.6(2)sp3b
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.446
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 3.3 6.5 2.9
AV:A/AC:L/Au:N/C:N/I:P/A:N
psirt@cisco.com 4.7 2.8 1.4
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/107616
Third Party Advisory
VDB Entry