VID 29048
Severity 30
Port 161
Protocol UDP
Class CISCO
Detailed Description The Cisco Catalyst 5000 series switch has an 802.1x frame forwarding vulnerability (Cisco bug ID CSCdt62732). This vulnerability can be exploited to cause a denial of service (DoS).
When an affected Catalyst 5000 series switch receives an 802.1x (IEEE standard for port-based network access control) frame on an STP (Spanning Tree Protocol) blocked port, it forwards the frame in that VLAN (Virtual Local Area Network) instead of dropping it. This causes a storm of 802.1x frames in the part of the network made up of Catalyst 5000 series switches, which degrades network performance. Slower ports on the Catalyst 5000 series switch may stop passing user data, and finally the switch stops responding to management inquiries via SNMP, Telnet or HTTP.

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so the result might be a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor.

* References:
http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml
http://www.ciac.org/ciac/bulletins/l-072.shtml

* Platforms Affected:
Cisco Catalyst 5000 4.5(11) or earlier
Cisco Catalyst 5000 5.5(6) or earlier
Cisco Catalyst 5000 6.1(2) or earlier
Recommendation Upgrade to the latest version of the Cisco Catalyst 5000 series switch software (4.5(12), 5.5(7), or 6.1(3) and later). Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.

As a workaround, prevent 802.1x frames from causing a frame storm in an affected Catalyst 5000 series switch network. The workarounds can also be applied to a network that is already experiencing an 802.1x frame storm.

For details, see http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml
Related URL CVE-2001-0429 (CVE)
Related URL 2604 (SecurityFocus)
Related URL 6379 (ISS)
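
The version-only assessment described in the note above, sketched as an added example (not the scanner's own code). It assumes the software version appears as X.Y(Z) in the text read over SNMP and that each release is compared against the fixed release of its own major train; the sample strings are constructed.

```python
import re

# Fixed releases per major train, taken from the Recommendation field.
FIXED = {4: (4, 5, 12), 5: (5, 5, 7), 6: (6, 1, 3)}

# Assumption: the version is written as X.Y(Z), e.g. "5.5(6)".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\((\d+)\)")


def parse_catos_version(text):
    """Return (major, minor, maintenance) or None if no version is found."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def assess(text):
    """Classify a device from its version string alone.

    Like the check itself, this cannot see applied workarounds or
    confirm the platform, so "likely-affected" needs manual follow-up.
    """
    ver = parse_catos_version(text)
    if ver is None:
        return "unknown"            # no readable version: cannot assess
    major = ver[0]
    if major < min(FIXED):
        return "likely-affected"    # earlier than the 4.5 train
    if major > max(FIXED):
        return "fixed"              # later than 6.1(3)
    # Assumption: compare only against the fix in the same major train.
    return "likely-affected" if ver < FIXED[major] else "fixed"


def triage(inventory):
    """Map each host to its assessment; inventory is {host: description}."""
    return {host: assess(desc) for host, desc in inventory.items()}


if __name__ == "__main__":
    # Constructed sample descriptions, not captured from real devices.
    sample = {
        "sw-a": "Catalyst Operating System Software, Version 5.5(6)",
        "sw-b": "Catalyst Operating System Software, Version 5.5(7)",
        "sw-c": "Catalyst Operating System Software, Version 4.5(11)",
        "sw-d": "description without a version",
    }
    for host, verdict in triage(sample).items():
        print(host, verdict)
```

Hosts reported as "unknown" usually mean the read community string was missing or wrong, which is the access requirement the note describes.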