4.7

CVE-2020-3231

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is received on the 802.1X-enabled port is mishandled. An attacker could exploit this vulnerability by sending broadcast traffic on the port before being authenticated. A successful exploit could allow the attacker to send and receive broadcast traffic on the 802.1X-enabled port before authentication.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIos Version15.2(5)e2
CiscoIos Version15.2(5)ex
CiscoIos Version15.2(5a)e
CiscoIos Version15.2(5b)e
CiscoIos Version15.2(5c)e
CiscoIos Version15.2(6)e
CiscoIos Version15.2(6)e0c
CiscoIos Version15.2(6)e1
CiscoIos Version15.2(6)e1a
CiscoIos Version15.2(6)e1s
CiscoIos Version15.2(6)e2
CiscoIos Version15.2(6)e2b
CiscoIos Version15.2(6)e3
CiscoIos Version15.2(6)e4
CiscoIos Version15.2(7)e
CiscoIos Version15.2(7)e0a
CiscoIos Version15.2(7)e0b
CiscoIos Version15.2(7)e0s
CiscoIos Version15.2(7a)e0b
CiscoIos Version15.2(7b)e0b
CiscoIos Version15.3(3)jaa1
CiscoIos Version15.3(3)jpj
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.183
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 2.8 1.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
nvd@nist.gov 2.9 5.5 2.9
AV:A/AC:M/Au:N/C:P/I:N/A:N
psirt@cisco.com 4.7 2.8 1.4
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.