Описание
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 12.2 (включая) до 12.2\(33\)sxi7 (исключая)
cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00527
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336.
EPSS
Процентиль: 66%
0.00527
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-20