← Back

CVE-2020-3560

nvd nist
Published: Sep 24, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.6
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 4.0
Source: NVD

Description

A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.

Affected (12)

Cisco
5 products
Wireless Lan Controller
Wireless Lan Controller Software
Business Access Points
Access Points
Aironet Access Point Software
Configuration A
3 vulnerable · 36 platform
Vulnerable SoftwareAffected Versions
Wireless Lan Controller
From 8.9 to 8.10.112.0
Cisco
Wireless Lan Controller Software
Before 8.5.161.0
Wireless Lan Controller Software
From 8.6 to 8.8.130.0
Running on/withPlatform Versions
Cisco
1111 4pwe
All versions
Cisco
1111 8plteeawb
All versions
Cisco
1111 8pwb
All versions
Cisco
1113 8plteeawe
All versions
Cisco
1113 8pmwe
All versions
Cisco
1113 8pwe
All versions
Cisco
1116 4plteeawe
All versions
Cisco
1116 4pwe
All versions
Cisco
1117 4plteeawe
All versions
Cisco
1117 4pmlteeawe
All versions
Cisco
1117 4pmwe
All versions
Cisco
1117 4pwe
All versions
Cisco
Aironet 1542d
All versions
Cisco
Aironet 1542i
All versions
Cisco
Aironet 1562d
All versions
Cisco
Aironet 1562e
All versions
Cisco
Aironet 1562i
All versions
Cisco
Aironet 1815
All versions
Cisco
Aironet 1830e
All versions
Cisco
Aironet 1830i
All versions
Cisco
Aironet 2800e
All versions
Cisco
Aironet 2800i
All versions
Cisco
Aironet 3800e
All versions
Cisco
Aironet 3800i
All versions
Cisco
Aironet 3800p
All versions
Cisco
Aironet 4800
All versions
Cisco
Business 140ac
All versions
Cisco
Business 145ac
All versions
Cisco
Business 240ac
All versions
Cisco
Catalyst 9105
All versions
Cisco
Catalyst 9115
All versions
Cisco
Catalyst 9117
All versions
Cisco
Catalyst 9120
All versions
Cisco
Catalyst 9130
All versions
Cisco
Catalyst Iw6300
All versions
Cisco
Esw 6300 Con X K9
All versions
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Business Access Points
From 10.0 to 10.1.1.0
Configuration C
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Access Points
Before 16.12.4a
Running on/withPlatform Versions
Cisco
Catalyst 9800 40
All versions
Cisco
Catalyst 9800 80
All versions
Cisco
Catalyst 9800 Cl
All versions
Cisco
Catalyst 9800 L
All versions
Cisco
Catalyst 9800 L C
All versions
Cisco
Catalyst 9800 L F
All versions
Configuration D
7 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet Access Point Software
Version 17.1.2.6
Aironet Access Point Software
Version 17.1.2.9
Aironet Access Point Software
Version 17.2.0.37
Aironet Access Point Software
Version 8.10(105.0)
Aironet Access Point Software
Version 8.10(105.4)
Aironet Access Point Software
Version 8.5(154.27)
Aironet Access Point Software
Version 8.8(125.0)
Running on/withPlatform Versions
Cisco
Aironet 1850e
All versions
Cisco
Aironet 1850i
All versions

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.