CVE-2020-3559

Published: Sep 24, 2020Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Affected (5)

Products: Cisco: Wireless Lan Controller, Business Access Points, Access Points, Aironet Access Point Software

Cisco

4 products

Wireless Lan Controller

Business Access Points

Access Points

Aironet Access Point Software

Configuration A

1 vulnerable · 18 platform

Vulnerable Software	Affected Versions
Cisco Wireless Lan Controller	From 8.9 to 8.10.112.0

Running on/with	Platform Versions
Cisco 1111 4pwe	All versions
Cisco 1111 8plteeawb	All versions
Cisco 1111 8pwb	All versions
Cisco 1113 8plteeawe	All versions
Cisco 1113 8pmwe	All versions
Cisco 1113 8pwe	All versions
Cisco 1116 4plteeawe	All versions
Cisco 1116 4pwe	All versions
Cisco 1117 4plteeawe	All versions
Cisco 1117 4pmlteeawe	All versions
Cisco 1117 4pmwe	All versions
Cisco 1117 4pwe	All versions
Cisco Aironet 1815	All versions
Cisco Aironet 1830e	All versions
Cisco Aironet 1830i	All versions
Cisco Business 140ac	All versions
Cisco Business 145ac	All versions
Cisco Business 240ac	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Business Access Points	From 10.0 to 10.1.1.0

Configuration C

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Cisco Access Points	Before 16.12.4a

Running on/with	Platform Versions
Cisco Catalyst 9800 40	All versions
Cisco Catalyst 9800 80	All versions
Cisco Catalyst 9800 Cl	All versions
Cisco Catalyst 9800 L	All versions
Cisco Catalyst 9800 L C	All versions
Cisco Catalyst 9800 L F	All versions

Configuration D

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Cisco Aironet Access Point Software	Version 17.2.0.26
Cisco Aironet Access Point Software	Version 8.5(151.0)

Running on/with	Platform Versions
Cisco Aironet 1850e	All versions
Cisco Aironet 1850i	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.