← Back

CVE-2020-3418

nvd nist
Published: Sep 24, 2020Modified: Nov 21, 2024

JSON object

Loading...
4.7
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the attacker to send ICMPv6 traffic prior to RUN state.

Affected (1)

Products: Cisco: Ios Xe
Cisco
1 product
Ios Xe
Configuration A
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Ios Xe
Version 17.1.1
Running on/withPlatform Versions
Cisco
Catalyst 9800 40
All versions
Cisco
Catalyst 9800 80
All versions
Cisco
Catalyst 9800 Cl
All versions
Cisco
Catalyst 9800 L
All versions
Cisco
Catalyst 9800 L C
All versions
Cisco
Catalyst 9800 L F
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.