Summary
If MAC-based port security or 802.1x port security is enabled, the FL NAT 2xxx will unintentionally grant access to unauthorized devices in case of routed transmission. ''' Subnet 2---(Ports belonging to subnet 2)
|
FL NAT 2xxx
|
(Ports belonging to subnet 1, port sec ON)---- 2nd device
|
-- unauthorized device
''' The unauthorized device can access other devices in subnet 2 but cannot access the 2nd device in subnet 1.
Impact
If port security is enabled on a port, a device not authorized by MAC based port security or 802.1x based port security can access another subnet via the FL NAT 2xxx device that is routing between the subnet the unauthorized device is residing in and the 2nd subnet.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 2702882 | FL NAT 2208 | Firmware <2.90 |
| 2702981 | FL NAT 2304-2GC-2SFP | Firmware <2.90 |
Vulnerabilities
Expand / Collapse allIf MAC-based port security or 802.1x port security is enabled, the FL NAT 2xxx will unintentionally grant access to unauthorized devices in case of routed transmission.
Mitigation
User should take care that network security is not relying solely on separating subnets with MAC or 802.1x based port security if the FL NAT 2xxx device is serving as a router between the subnets.
Remediation
This vulnerability will be fixed with the next firmware release V2.90, which will be available Q02/2020.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 29.10.2019 11:56 | Initial revision. |
| 2 | 06.11.2024 12:27 | Fix: correct certvde domain, added alias, added self-reference |
| 3 | 22.05.2025 15:03 | Fix: version space, added distribution, quotation mark |