CVE-2020-3262

Published: Apr 15, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.

Affected (2)

Products: Cisco: 5508 Wireless Controller Firmware, 5520 Wireless Controller Firmware

2 products

5508 Wireless Controller Firmware

5520 Wireless Controller Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco 5508 Wireless Controller Firmware	Version 8.8(120.0)

Running on/with	Platform Versions
Cisco 5508 Wireless Controller	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco 5520 Wireless Controller Firmware	Version 8.8(120.0)

Running on/with	Platform Versions
Cisco 5520 Wireless Controller	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEw

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEw

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.