CVE-2011-2057

Name of the Vulnerable Software and Affected Versions Cisco IOS versions prior to 12.2(33)SXI7

Description The issue is related to the cat6000-dot1x component, which does not properly handle certain network loops. This can be exploited by remote attackers to cause a denial of service, resulting in a traffic storm, via unspecified vectors that trigger many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames.

Recommendations For versions prior to 12.2(33)SXI7, update to version 12.2(33)SXI7 or later to resolve the issue. As a temporary workaround, consider restricting network loops between dot1x enabled ports and open-authentication dot1x enabled ports, as well as between dot1x enabled ports and non-dot1x ports, to minimize the risk of exploitation.