PT-2002-3028 · Cisco · Cisco Catalyst 4000 Series Switches

Published

2002-12-31

Updated

2008-09-05

CVE-2002-2316

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst 4000 series switches version 5.5.5 Cisco Catalyst 4000 series switches version 6.3.5 Cisco Catalyst 4000 series switches version 7.1.2

Description: The issue causes unicast traffic to be broadcast across the switch, allowing remote attackers to obtain sensitive network information by sniffing. This occurs because the switches do not always learn MAC addresses from a single initial packet.

Recommendations: For version 5.5.5, update to a version that includes a fix for this issue. For version 6.3.5, update to a version that includes a fix for this issue. For version 7.1.2, update to a version that includes a fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-2316

Affected Products

Cisco Catalyst 4000 Series Switches

PT-2002-3028 · Cisco · Cisco Catalyst 4000 Series Switches

CVE-2002-2316

Related Identifiers

Affected Products

References · 5