CVE-2020-3552

Published: Sep 24, 2020Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 4.0

Source: NVD

Description

A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.

Affected (4)

Products: Cisco: Wireless Lan Controller, Business Access Points, Access Points, Aironet Access Point Software

Cisco

4 products

Wireless Lan Controller

Business Access Points

Access Points

Aironet Access Point Software

Configuration A

1 vulnerable · 16 platform

Vulnerable Software	Affected Versions
Cisco Wireless Lan Controller	From 8.6 to 8.10.105.0

Running on/with	Platform Versions
Cisco Aironet 1542d	All versions
Cisco Aironet 1542i	All versions
Cisco Aironet 1562d	All versions
Cisco Aironet 1562e	All versions
Cisco Aironet 1562i	All versions
Cisco Aironet 1810	All versions
Cisco Aironet 1815	All versions
Cisco Aironet 1830e	All versions
Cisco Aironet 1830i	All versions
Cisco Aironet 1840	All versions
Cisco Aironet 2800e	All versions
Cisco Aironet 2800i	All versions
Cisco Aironet 3800e	All versions
Cisco Aironet 3800i	All versions
Cisco Aironet 3800p	All versions
Cisco Aironet 4800	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Business Access Points	From 10.0 to 10.1.1.0

Configuration C

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Cisco Access Points	Before 16.12.4a

Running on/with	Platform Versions
Cisco Catalyst 9800 40	All versions
Cisco Catalyst 9800 80	All versions
Cisco Catalyst 9800 Cl	All versions
Cisco Catalyst 9800 L	All versions
Cisco Catalyst 9800 L C	All versions
Cisco Catalyst 9800 L F	All versions

Configuration D

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Cisco Aironet Access Point Software	Version 8.10(1.255)

Running on/with	Platform Versions
Cisco Aironet 1850e	All versions
Cisco Aironet 1850i	All versions

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.