// For flags

CVE-2020-3231

Cisco IOS Software for Catalyst 2960-L Series Switches and Catalyst CDB-8P Switches 802.1X Authentication Bypass Vulnerability

Severity Score

4.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is received on the 802.1X-enabled port is mishandled. An attacker could exploit this vulnerability by sending broadcast traffic on the port before being authenticated. A successful exploit could allow the attacker to send and receive broadcast traffic on the 802.1X-enabled port before authentication.

Una vulnerabilidad en la funcionalidad 802.1X de Cisco Catalyst 2960-L Series Switches y Cisco Catalyst CDB-8P Switches, podría permitir a un atacante adyacente no autenticado reenviar el tráfico de difusión antes de ser autenticado en el puerto. La vulnerabilidad se presenta porque el tráfico de difusión que se recibe en el puerto habilitado para 802.1X se maneja inapropiadamente. Un atacante podría explotar esta vulnerabilidad mediante el envío de tráfico de difusión en el puerto antes de ser autenticado. Una explotación con éxito podría permitir al atacante enviar y recibir tráfico de difusión en el puerto habilitado para 802.1X antes de la autenticación.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Adjacent
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2019-12-12 CVE Reserved
  • 2020-06-03 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-11-15 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
  • CWE-863: Incorrect Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(5\)e2
Search vendor "Cisco" for product "Ios" and version "15.2\(5\)e2"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(5\)ex
Search vendor "Cisco" for product "Ios" and version "15.2\(5\)ex"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(5a\)e
Search vendor "Cisco" for product "Ios" and version "15.2\(5a\)e"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(5b\)e
Search vendor "Cisco" for product "Ios" and version "15.2\(5b\)e"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(5c\)e
Search vendor "Cisco" for product "Ios" and version "15.2\(5c\)e"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(6\)e
Search vendor "Cisco" for product "Ios" and version "15.2\(6\)e"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(6\)e0c
Search vendor "Cisco" for product "Ios" and version "15.2\(6\)e0c"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(6\)e1
Search vendor "Cisco" for product "Ios" and version "15.2\(6\)e1"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(6\)e1a
Search vendor "Cisco" for product "Ios" and version "15.2\(6\)e1a"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(6\)e1s
Search vendor "Cisco" for product "Ios" and version "15.2\(6\)e1s"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(6\)e2
Search vendor "Cisco" for product "Ios" and version "15.2\(6\)e2"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(6\)e2b
Search vendor "Cisco" for product "Ios" and version "15.2\(6\)e2b"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(6\)e3
Search vendor "Cisco" for product "Ios" and version "15.2\(6\)e3"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(6\)e4
Search vendor "Cisco" for product "Ios" and version "15.2\(6\)e4"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(7\)e
Search vendor "Cisco" for product "Ios" and version "15.2\(7\)e"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(7\)e0a
Search vendor "Cisco" for product "Ios" and version "15.2\(7\)e0a"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(7\)e0b
Search vendor "Cisco" for product "Ios" and version "15.2\(7\)e0b"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(7\)e0s
Search vendor "Cisco" for product "Ios" and version "15.2\(7\)e0s"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(7a\)e0b
Search vendor "Cisco" for product "Ios" and version "15.2\(7a\)e0b"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.2\(7b\)e0b
Search vendor "Cisco" for product "Ios" and version "15.2\(7b\)e0b"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.3\(3\)jaa1
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jaa1"
-
Affected
Cisco
Search vendor "Cisco"
 Ios
Search vendor "Cisco" for product "Ios"
 15.3\(3\)jpj
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jpj"
-
Affected