CVE-2020-3231

Published Jun 3, 2020

Last updated 4 years ago

Overview

Description: A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is received on the 802.1X-enabled port is mishandled. An attacker could exploit this vulnerability by sending broadcast traffic on the port before being authenticated. A successful exploit could allow the attacker to send and receive broadcast traffic on the 802.1X-enabled port before authentication.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.7
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 4.7
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.9
Impact score: 2.9
Exploitability score: 5.5
Vector string: AV:A/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-863
ykramarz@cisco.com: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5\\)e2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD28874B-148A-4299-9AA1-67A550B25F8C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5\\)ex:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A472B96-0DDE-49DD-A7E3-A82DD6AEB3DD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5a\\)e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A2EB46D-16E0-4C31-8634-C33D70B5381A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5b\\)e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F29B2E6F-ED6C-4568-9042-7A1BD96A9E07"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5c\\)e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7803B445-FE22-4D4B-9F3A-68EFE528195E"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "199DCF1B-8A1E-47CC-87A6-64E6F21D8886"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e0c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD05109E-1183-419D-96A1-9CD5EA5ECC3C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3C73A3A-4B84-476F-AC3C-81DCB527E29A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7551128E-9E23-4C42-A681-6BE64D284C93"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EB7BFE1-06ED-4B45-8B4F-2B309B8D6342"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DEE2C71-C401-43D1-86DC-725FE5FDF87E"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e2b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB2842F6-4CD5-457C-AC75-241A5AB9534B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5ABE0470-E94A-4CAF-865D-73E2607A0DC1"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D229A62B-032E-499C-B02F-6EB07D5FF524"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6437E689-A049-4D48-AB7A-49CA7EBDE8B6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e0a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "110B699D-169E-4932-A480-6EBB90CAE94B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e0b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4C12918-E5BB-465E-9DA4-06B7351DD805"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e0s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4862C453-8BD7-4D53-B2D6-CE3E44A4915A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7a\\)e0b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1374E243-4EC2-4A81-991C-B5705135CAD2"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(7b\\)e0b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6ECA6101-94BA-4209-8243-A56AF02963EA"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jpj:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F69B4F2-4A03-4383-8958-11EE154A7350"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References