CVE-2011-2057
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames, aka Bug ID CSCtq36327.
El componente cat6000-dot1x en Cisco IOS v12.2 anterior a v12.2(33)SXI7 no controla correctamente (1) un bucle entre un puerto dot1x activado y una puerto habilitado para autenticación abierta dot1x y (2) un bucle entre un puerto dot1x habilitado y un puerto no dot1x, lo que permite a atacantes remotoso provocar una denegación de servicio (tormenta de tráfico) a través de vectores no especificados que disparan muchas tramas Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) también conocido como Bug ID CSCtq36327.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-05-10 CVE Reserved
- 2011-10-22 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | >= 12.2 < 12.2\(33\)sxi7 Search vendor "Cisco" for product "Ios" and version " >= 12.2 < 12.2\(33\)sxi7" | - |
Affected
| ||||||