CVE-2005-4441
CVE-2005-4441 is a medium-severity vulnerability in Pvlan Protocol with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 2% (73rd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Pvlan Protocol
- Published:
- Last modified:
Description
The PVLAN protocol allows remote attackers to bypass network segmentation and spoof PVLAN traffic via a PVLAN message with a target MAC address that is set to a gateway router, which causes the packet to be sent to the router, where the source MAC is modified, aka "Modification of the MAC spoofing PVLAN jumping attack," as demonstrated by pvlan.c.
Frequently asked questions
- What is CVE-2005-4441?
- The PVLAN protocol allows remote attackers to bypass network segmentation and spoof PVLAN traffic via a PVLAN message with a target MAC address that is set to a gateway router, which causes the packet to be sent to the router, where the source MAC is modified, aka "Modification of the MAC spoofing PVLAN jumping attack," as demonstrated by pvlan.c.
- How severe is CVE-2005-4441?
- CVE-2005-4441 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2005-4441 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (73rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-4441?
- CVE-2005-4441 affects Pvlan Protocol. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2005-4441?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2005-4441 published?
- CVE-2005-4441 was published on 2005-12-21 and last updated on 2026-06-16.
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040333.html
- http://www.securityfocus.com/archive/1/419831/100/0/threaded
- http://www.securityfocus.com/archive/1/419834/100/0/threaded
Affected products (1)
- cpe:2.3:a:pvlan_protocol:pvlan_protocol:*:*:*:*:*:*:*:*