Vulnerabilities > CVE-2020-3231 - Incorrect Authorization vulnerability in Cisco IOS

CVSS 2.9 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

cisco

CWE-863

NVD

Published: 2020-06-03

Updated: 2020-06-08

Summary

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is received on the 802.1X-enabled port is mishandled. An attacker could exploit this vulnerability by sending broadcast traffic on the port before being authenticated. A successful exploit could allow the attacker to send and receive broadcast traffic on the 802.1X-enabled port before authentication.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS 15.2\(5\)E2 Cisco IOS 15.2\(5\)Ex Cisco IOS 15.2\(5A\)E Cisco IOS 15.2\(5B\)E Cisco IOS 15.2\(5C\)E Cisco IOS 15.2\(6\)E Cisco IOS 15.2\(6\)E0C Cisco IOS 15.2\(6\)E1 Cisco IOS 15.2\(6\)E1A Cisco IOS 15.2\(6\)E1S Cisco IOS 15.2\(6\)E2 Cisco IOS 15.2\(6\)E2B Cisco IOS 15.2\(6\)E3 Cisco IOS 15.2\(6\)E4 Cisco IOS 15.2\(7\)E Cisco IOS 15.2\(7\)E0A Cisco IOS 15.2\(7\)E0B Cisco IOS 15.2\(7\)E0S Cisco IOS 15.2\(7A\)E0B Cisco IOS 15.2\(7B\)E0B Cisco IOS 15.3\(3\)Jaa1 Cisco IOS 15.3\(3\)Jpj	22

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960L-DpWA9Re4