ID

VAR-200212-0791


CVE

CVE-2002-2316


TITLE

Cisco Catalyst Unicast Traffic Broadcast Vulnerability

Trust: 0.9

sources: BID: 4790 // CNNVD: CNNVD-200212-305

DESCRIPTION

Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive network information by sniffing. Catalyst is a commercial-grade switch distributed by Cisco. Under normal circumstances, a switch learns the MAC address of a system connected to a port after one packet. It has been reported that the switch may not learn the MAC address of a connected system until several more packets have been sent to the unknown host. When this happens, unicast traffic between two systems across the switch may be broadcast to all systems connected to the switch. Remote attackers can obtain sensitive network information through sniffing.

Trust: 1.26

sources: NVD: CVE-2002-2316 // BID: 4790 // VULHUB: VHN-6699

AFFECTED PRODUCTS

vendor: cisco, model: catos, scope: eq, version: 6.3(5)

Trust: 1.6

vendor: cisco, model: catos, scope: eq, version: 5.5(5)

Trust: 1.6

vendor: cisco, model: catos, scope: eq, version: 7.1(2)

Trust: 1.6

vendor: cisco, model: catalyst, scope: eq, version: 40007.1.2

Trust: 0.3

vendor: cisco, model: catalyst, scope: eq, version: 40006.3.5

Trust: 0.3

vendor: cisco, model: catalyst, scope: eq, version: 40005.5.5

Trust: 0.3

sources: BID: 4790 // CNNVD: CNNVD-200212-305 // NVD: CVE-2002-2316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-2316
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200212-305
value: MEDIUM

Trust: 0.6

VULHUB: VHN-6699
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-2316
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6699
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6699 // CNNVD: CNNVD-200212-305 // NVD: CVE-2002-2316

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-2316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-305

TYPE

Design Error

Trust: 0.9

sources: BID: 4790 // CNNVD: CNNVD-200212-305

EXTERNAL IDS

db: BID, id: 4790

Trust: 2.0

db: NVD, id: CVE-2002-2316

Trust: 1.7

db: CNNVD, id: CNNVD-200212-305

Trust: 0.7

db: XF, id: 9148

Trust: 0.6

db: BUGTRAQ, id: 20020520 CATALYST 4000

Trust: 0.6

db: BUGTRAQ, id: 20020618 RE: CATALYST 4000 - CISCO'S RESPONSE

Trust: 0.6

db: VULHUB, id: VHN-6699

Trust: 0.1

sources: VULHUB: VHN-6699 // BID: 4790 // CNNVD: CNNVD-200212-305 // NVD: CVE-2002-2316

REFERENCES

url: http://www.securityfocus.com/bid/4790

Trust: 2.7

url: http://archives.neohapsis.com/archives/bugtraq/2002-05/0190.html

Trust: 2.7

url: http://archives.neohapsis.com/archives/bugtraq/2002-06/0209.html

Trust: 2.7

url: http://www.iss.net/security_center/static/9148.php

Trust: 2.7

sources: VULHUB: VHN-6699 // CNNVD: CNNVD-200212-305 // NVD: CVE-2002-2316

CREDITS

Vulnerability discovery credited to TROY COULOMBE <TROCOU@SAFECO.com>.

Trust: 0.9

sources: BID: 4790 // CNNVD: CNNVD-200212-305

SOURCES

db: VULHUB, id: VHN-6699
db: BID, id: 4790
db: CNNVD, id: CNNVD-200212-305
db: NVD, id: CVE-2002-2316

LAST UPDATE DATE

2024-11-22T23:11:38.259000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-6699, date: 2008-09-05T00:00:00
db: BID, id: 4790, date: 2002-05-21T00:00:00
db: CNNVD, id: CNNVD-200212-305, date: 2002-12-31T00:00:00
db: NVD, id: CVE-2002-2316, date: 2024-11-20T23:43:23.430

SOURCES RELEASE DATE

db: VULHUB, id: VHN-6699, date: 2002-12-31T00:00:00
db: BID, id: 4790, date: 2002-05-21T00:00:00
db: CNNVD, id: CNNVD-200212-305, date: 2002-12-31T00:00:00
db: NVD, id: CVE-2002-2316, date: 2002-12-31T05:00:00