CVE-2020-3418: Improper Access Control in Cisco IOS XE Software

Severity
4.7 MEDIUM (NVD)
EPSS
0.1%
top 80.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 24
Latest update: May 24

Description

A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the atta

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 2 packages

NVD: cisco/ios_xe 17.1.1

🔴 Vulnerability Details

2
GHSA
GHSA-9g2r-34xj-79x9: A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker (2022-05-24)
CVEList
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Improper Access Control Vulnerability (2020-09-24)

📋 Vendor Advisories

3
Microsoft
If certificates that signed grub are installed into db grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot (2021-03-09)
Red Hat
grub2: grub 2.05 reintroduced CVE-2020-15705 (2021-03-02)
Cisco
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Improper Access Control Vulnerability (2020-09-24)