CVE-2020-3559

A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

CVSS v3.0 8.6 HIGH
CVSS v2.0 7.8 HIGH

8.6^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1111-4pwe:-:::::::*
	cpe:2.3:h:cisco:1111-8plteeawb:-:::::::*
	cpe:2.3:h:cisco:1111-8pwb:-:::::::*
	cpe:2.3:h:cisco:1113-8plteeawe:-:::::::*
	cpe:2.3:h:cisco:1113-8pmwe:-:::::::*
	cpe:2.3:h:cisco:1113-8pwe:-:::::::*
	cpe:2.3:h:cisco:1116-4plteeawe:-:::::::*
	cpe:2.3:h:cisco:1116-4pwe:-:::::::*
	cpe:2.3:h:cisco:1117-4plteeawe:-:::::::*
	cpe:2.3:h:cisco:1117-4pmlteeawe:-:::::::*
	cpe:2.3:h:cisco:1117-4pmwe:-:::::::*
	cpe:2.3:h:cisco:aironet_1830i:-:::::::*
	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*
	cpe:2.3:h:cisco:aironet_1830e:-:::::::*
	cpe:2.3:h:cisco:aironet_1815:-:::::::*
	cpe:2.3:h:cisco:business_240ac:-:::::::*
	cpe:2.3:h:cisco:business_140ac:-:::::::*
	cpe:2.3:h:cisco:business_145ac:-:::::::*
	cpe:2.3:h:cisco:1117-4pwe:-:::::::*

Configuration 2 (hide)

cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:cisco:aironet_access_point_software:8.5\(151.0\):::::::*
	cpe:2.3:a:cisco:aironet_access_point_software:17.2.0.26:::::::*

OR	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*

Information

Published : 2020-09-24 11:15

Updated : 2021-04-16 08:01

NVD link : CVE-2020-3559

Mitre link : CVE-2020-3559

JSON object : View

CWE

CWE-400

Uncontrolled Resource Consumption

Products Affected

cisco

catalyst_9800-80
catalyst_9800-l-f
1117-4plteeawe
business_240ac
business_access_points
access_points
catalyst_9800-cl
1113-8plteeawe
1111-4pwe
catalyst_9800-l
wireless_lan_controller
catalyst_9800-l-c
catalyst_9800-40
1111-8pwb
1116-4plteeawe
1111-8plteeawb
aironet_access_point_software
1117-4pwe
business_145ac
1117-4pmlteeawe
aironet_1815
aironet_1850e
1113-8pwe
1113-8pmwe
1117-4pmwe
aironet_1850i
business_140ac
1116-4pwe
aironet_1830i
aironet_1830e

8.6 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2020-3559

8.6^/10

7.8^/10

Attach tags to `CVE-2020-3559`