Improper access control

2020-06-0209:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

83.7%

JSON

Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors.

CPENameOperatorVersion
nx-oseq5.21.0-sk31.1
nx-oseq5.21.0-sk32.1
nx-oseq5.21.0-sk32.1-a
nx-oseq5.21.0-sk32.2
nx-oseq5.21.0-sk32.2-b
nx-oseq5.21.0-sm15.1
nx-oseq5.21.0-sm15.2
nx-oseq5.21.0-sm15.2-a
nx-oseq5.21.0-sm15.2-b
nx-oseq5.21.0-sm15.2-c

Name	Operator	Version
nx-os	eq	5.21.0-sk31.1
nx-os	eq	5.21.0-sk32.1
nx-os	eq	5.21.0-sk32.1-a
nx-os	eq	5.21.0-sk32.2
nx-os	eq	5.21.0-sk32.2-b
nx-os	eq	5.21.0-sm15.1
nx-os	eq	5.21.0-sm15.2
nx-os	eq	5.21.0-sm15.2-a
nx-os	eq	5.21.0-sm15.2-b
nx-os	eq	5.21.0-sm15.2-c