CVE-2020-3560

A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.

CVSS v3.0 8.6 HIGH
CVSS v2.0 7.8 HIGH

8.6^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:wireless_lan_controller_software::::::::
	cpe:2.3:o:cisco:wireless_lan_controller_software::::::::
	cpe:2.3:o:cisco:wireless_lan_controller::::::::

OR	cpe:2.3:h:cisco:1111-4pwe:-:::::::*
	cpe:2.3:h:cisco:1111-8plteeawb:-:::::::*
	cpe:2.3:h:cisco:1111-8pwb:-:::::::*
	cpe:2.3:h:cisco:1113-8plteeawe:-:::::::*
	cpe:2.3:h:cisco:1113-8pmwe:-:::::::*
	cpe:2.3:h:cisco:1113-8pwe:-:::::::*
	cpe:2.3:h:cisco:1116-4plteeawe:-:::::::*
	cpe:2.3:h:cisco:1116-4pwe:-:::::::*
	cpe:2.3:h:cisco:1117-4plteeawe:-:::::::*
	cpe:2.3:h:cisco:1117-4pmlteeawe:-:::::::*
	cpe:2.3:h:cisco:1117-4pmwe:-:::::::*
	cpe:2.3:h:cisco:aironet_1830i:-:::::::*
	cpe:2.3:h:cisco:aironet_2800e:-:::::::*
	cpe:2.3:h:cisco:aironet_3800p:-:::::::*
	cpe:2.3:h:cisco:aironet_3800i:-:::::::*
	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_3800e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*
	cpe:2.3:h:cisco:aironet_2800i:-:::::::*
	cpe:2.3:h:cisco:aironet_1830e:-:::::::*
	cpe:2.3:h:cisco:aironet_1562e:-:::::::*
	cpe:2.3:h:cisco:aironet_1562i:-:::::::*
	cpe:2.3:h:cisco:aironet_1562d:-:::::::*
	cpe:2.3:h:cisco:aironet_1542i:-:::::::*
	cpe:2.3:h:cisco:aironet_1542d:-:::::::*
	cpe:2.3:h:cisco:aironet_4800:-:::::::*
	cpe:2.3:h:cisco:aironet_1815:-:::::::*
	cpe:2.3:h:cisco:catalyst_9105:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115:-:::::::*
	cpe:2.3:h:cisco:business_240ac:-:::::::*
	cpe:2.3:h:cisco:business_140ac:-:::::::*
	cpe:2.3:h:cisco:business_145ac:-:::::::*
	cpe:2.3:h:cisco:1117-4pwe:-:::::::*
	cpe:2.3:h:cisco:catalyst_iw6300:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130:-:::::::*
	cpe:2.3:h:cisco:esw-6300-con-x-k9:-:::::::*

Configuration 2 (hide)

cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:cisco:aironet_access_point_software:8.5\(154.27\):::::::*
	cpe:2.3:a:cisco:aironet_access_point_software:8.8\(125.0\):::::::*
	cpe:2.3:a:cisco:aironet_access_point_software:8.10\(105.0\):::::::*
	cpe:2.3:a:cisco:aironet_access_point_software:8.10\(105.4\):::::::*
	cpe:2.3:a:cisco:aironet_access_point_software:17.1.2.6:::::::*
	cpe:2.3:a:cisco:aironet_access_point_software:17.1.2.9:::::::*
	cpe:2.3:a:cisco:aironet_access_point_software:17.2.0.37:::::::*

OR	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*

Information

Published : 2020-09-24 11:15

Updated : 2021-04-16 08:01

NVD link : CVE-2020-3560

Mitre link : CVE-2020-3560

JSON object : View

CWE

CWE-400

Uncontrolled Resource Consumption

Products Affected

cisco

catalyst_9117
esw-6300-con-x-k9
aironet_3800e
catalyst_9800-80
catalyst_9800-l-f
1117-4plteeawe
business_240ac
wireless_lan_controller_software
catalyst_9115
catalyst_iw6300
catalyst_9120
business_access_points
access_points
aironet_3800p
aironet_2800i
catalyst_9800-cl
1113-8plteeawe
1111-4pwe
aironet_2800e
catalyst_9800-l
wireless_lan_controller
aironet_1562i
catalyst_9800-l-c
catalyst_9800-40
1111-8pwb
1116-4plteeawe
aironet_1542d
1111-8plteeawb
aironet_1562d
aironet_access_point_software
1117-4pwe
business_145ac
aironet_1562e
1117-4pmlteeawe
aironet_1542i
aironet_1815
aironet_1850e
catalyst_9130
1113-8pwe
catalyst_9105
1113-8pmwe
1117-4pmwe
aironet_1850i
aironet_3800i
business_140ac
aironet_4800
1116-4pwe
aironet_1830i
aironet_1830e

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y", "name": "20200924 Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-400"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-3560", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}}, "publishedDate": "2020-09-24T18:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.5.161.0"}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.6"}, {"cpe23Uri": "cpe:2.3:o:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.10.112.0", "versionStartIncluding": "8.9"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:1111-4pwe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:1111-8plteeawb:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:1111-8pwb:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:1113-8plteeawe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:1113-8pmwe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:1113-8pwe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:1116-4plteeawe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:1116-4pwe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:1117-4plteeawe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:1117-4pmlteeawe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:1117-4pmwe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:business_240ac:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:business_140ac:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:business_145ac:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:1117-4pwe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:esw-6300-con-x-k9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "10.1.1.0", "versionStartIncluding": "10.0"}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.12.4a"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:aironet_access_point_software:8.5\\(154.27\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:aironet_access_point_software:8.8\\(125.0\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:aironet_access_point_software:8.10\\(105.0\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:aironet_access_point_software:8.10\\(105.4\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:aironet_access_point_software:17.1.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:aironet_access_point_software:17.1.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:aironet_access_point_software:17.2.0.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-16T15:01Z"}

8.6 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2020-3560

8.6^/10

7.8^/10

Attach tags to `CVE-2020-3560`