Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2020-3418
HistorySep 24, 2020 - 6:15 p.m.

CVE-2020-3418

2020-09-2418:15:18
CWE-284
cisco
web.nvd.nist.gov
28
2
cve-2020-3418
cisco
ios xe
wireless controller
catalyst 9800
routers
vulnerability
icmpv6
access control
nvd

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

25.0%

JSON

A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the attacker to send ICMPv6 traffic prior to RUN state.

Affected configurations

Nvd
Node
ciscoios_xeMatch17.1.1
AND
ciscocatalyst_9800-40Match-
OR
ciscocatalyst_9800-80Match-
OR
ciscocatalyst_9800-clMatch-
OR
ciscocatalyst_9800-lMatch-
OR
ciscocatalyst_9800-l-cMatch-
OR
ciscocatalyst_9800-l-fMatch-
VendorProductVersionCPE
ciscoios_xe17.1.1cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*
ciscocatalyst_9800-40-cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*
ciscocatalyst_9800-80-cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*
ciscocatalyst_9800-cl-cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*
ciscocatalyst_9800-l-cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*
ciscocatalyst_9800-l-c-cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*
ciscocatalyst_9800-l-f-cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Social References

More

Related

nvd 1
prion 1
cisco 1
nessus 1
cvelist 1
threatpost 1
nvd
nvd
CVE-2020-3418
2020-09-24 18:15:18
prion
prion
Improper access control
2020-09-24 18:15:00
cisco
cisco
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Improper Access Control Vulnerability
2020-09-24 16:00:00
nessus
nessus
Cisco IOS XE Software Wireless Controller for the Catalyst 9000 Family Improper Access Control (cisco-sa-ewlc-icmpv6-qb9eYyCR)
2020-12-14 00:00:00
cvelist
cvelist
CVE-2020-3418 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Improper Access Control Vulnerability
2020-09-24 18:01:37
threatpost
threatpost
Cisco Patch-Palooza Tackles 29 High-Severity Bugs
2020-09-24 20:21:26

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

25.0%

JSON
Related for CVE-2020-3418
nvd1prion1cisco1nessus1cvelist1threatpost1