CVE-2020-3418

A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the attacker to send ICMPv6 traffic prior to RUN state.

Published: Sep 24, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-3418
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.7
AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.3
AV:A/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	17.1.1	17.1.1.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-icmpv6-qb9eYyCR

Vulnerability Database

290,020

CVE-2020-3418