Dynamic Access Control List Flaw in Cisco Catalyst 4000 Series Switches
CVE-2017-12213

4.3 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 7 September 2017

Summary

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software on Catalyst 4000 Series Switches may allow an unauthenticated adjacent attacker to cause the dynamic ACL assignment to fail. This situation can lead to a port failing open and may enable the attacker to pass traffic to the default VLAN associated with the affected port. The root cause of this vulnerability lies in an uncaught error that arises during the reassignment of the auth-default-ACL dynamic ACL following a failure of 802.1x authentication. If exploited successfully, this issue could allow a physically adjacent attacker to bypass 802.1x authentication security, creating a significant risk for network integrity.

Affected Version(s)

Cisco Catalyst 4000 Series Switches

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
