Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-3418

Опубликовано: 24 сент. 2020
Источник: nvd
CVSS3: 4.7
CVSS3: 4.7
CVSS2: 3.3
EPSS Низкий

Описание

A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the attacker to send ICMPv6 traffic prior to RUN state.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*

EPSS

Процентиль: 20%
0.00062
Низкий

4.7 Medium

CVSS3

4.7 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-284
NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-9g2r-34xj-79x9

github
больше 3 лет назад

A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the attacker to send ICMPv6 traffic prior to RUN state.

fstec логотип

BDU:2020-05712

CVSS3: 4.7
fstec
больше 5 лет назад

Уязвимость микропрограммного обеспечения контроллера беспроводной связи Cisco IOS XE маршрутизаторов Cisco Catalyst 9800 Series, связанная с ошибками при управлении доступом, позволяющая нарушителю отправить трафик ICMPv6 до перевода клиента в состояние RUN

EPSS

Процентиль: 20%
0.00062
Низкий

4.7 Medium

CVSS3

4.7 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-284
NVD-CWE-Other