CVE-2002-0339 — Sensitive Information Exposure in Cisco IOS

CWE-200 — Sensitive Information Exposure4 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

2.3%

top 15.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco Express Forwarding Enabled

Timeline

PublishedJun 25

Latest updateApr 30

Description

Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶ciscocisco/express_forwarding_enabled

▶NVDcisco/ios10 versions+9

Patches

Patch: www.cisco.com ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-9837-m8h3-j3ch: Cisco IOS 11↗2022-04-30

▶

📋Vendor Advisories

Cisco

Data Leak with Cisco Express Forwarding Enabled↗2002-02-27

▶

Cisco

Data Leak with Cisco Express Forwarding Enabled↗

▶