CVE-2005-1942

Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.pdf	Vendor Advisory
http://www.securitytracker.com/alerts/2005/Jun/1014135.html	Vendor Advisory
http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml
http://marc.info/?l=bugtraq&m=111842833009771&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/20939

Configurations

Configuration 1 (hide)

cpe:2.3:h:cisco:catalyst:*:*:*:*:*:*:*:*

Information

Published : 2005-06-09 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2005-1942

Mitre link : CVE-2005-1942

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cisco

catalyst

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.pdf", "name": "http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.pdf", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securitytracker.com/alerts/2005/Jun/1014135.html", "name": "1014135", "tags": ["Vendor Advisory"], "refsource": "SECTRACK"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml", "name": "20050608 Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN Access", "tags": [], "refsource": "CISCO"}, {"url": "http://marc.info/?l=bugtraq&m=111842833009771&w=2", "name": "20050610 Voice VLAN Access/Abuse Possible on Cisco voice-enabled, 802.1x-secured Interfaces Vulnerability Discovery: FishNet Security", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20939", "name": "cisco-callmanager-voice-gain-access(20939)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1942", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-06-10T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:catalyst:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}

7.5 /10