发布日期：2020-09-24
更新日期：2020-10-09

受影响系统：

Cisco Catalyst 9800 Series Wireless Controllers
Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9500 Series
Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9400 Series
Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300 Series
Cisco Embedded Wireless Controller on Catalyst 9100 Access Points

描述：

---

CVE(CAN) ID: CVE-2020-3418

Cisco IOS和IOS XE是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。
Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers存在访问控制不当漏洞。该漏洞源于程序在RUN状态之前应用了不完整的访问控制列表（ACL）。未经身份认证的攻击者可通过连接到关联的服务集标识符（SSID）并发送ICMPv6通信利用该漏洞在客户端进入RUN状态之前发送ICMPv6通信。

<*来源：Cisco
  
  链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-icmpv6-qb9eYyCR
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-ewlc-icmpv6-qb9eYyCR）以及相应补丁:
cisco-sa-ewlc-icmpv6-qb9eYyCR：Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Improper Access Control Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-icmpv6-qb9eYyCR

浏览次数：1783
严重程度：0（网友投票）