CVE-2020-3559

A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

CVSS v3 8.6 HIGH
CVSS v2.0 7.8 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1111-4pwe:-:::::::*
	cpe:2.3:h:cisco:1111-8plteeawb:-:::::::*
	cpe:2.3:h:cisco:1111-8pwb:-:::::::*
	cpe:2.3:h:cisco:1113-8plteeawe:-:::::::*
	cpe:2.3:h:cisco:1113-8pmwe:-:::::::*
	cpe:2.3:h:cisco:1113-8pwe:-:::::::*
	cpe:2.3:h:cisco:1116-4plteeawe:-:::::::*
	cpe:2.3:h:cisco:1116-4pwe:-:::::::*
	cpe:2.3:h:cisco:1117-4plteeawe:-:::::::*
	cpe:2.3:h:cisco:1117-4pmlteeawe:-:::::::*
	cpe:2.3:h:cisco:1117-4pmwe:-:::::::*
	cpe:2.3:h:cisco:1117-4pwe:-:::::::*
	cpe:2.3:h:cisco:aironet_1815:-:::::::*
	cpe:2.3:h:cisco:aironet_1830e:-:::::::*
	cpe:2.3:h:cisco:aironet_1830i:-:::::::*
	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*
	cpe:2.3:h:cisco:business_140ac:-:::::::*
	cpe:2.3:h:cisco:business_145ac:-:::::::*
	cpe:2.3:h:cisco:business_240ac:-:::::::*

Configuration 2 (hide)

cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:cisco:aironet_access_point_software:8.5\(151.0\):::::::*
	cpe:2.3:a:cisco:aironet_access_point_software:17.2.0.26:::::::*

OR	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*

History

No history.

Information

Published : 2020-09-24 18:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-3559

Mitre link : CVE-2020-3559

CVE.ORG link : CVE-2020-3559

JSON object : View

Products Affected

cisco

1113-8pwe
catalyst_9800-cl
wireless_lan_controller
catalyst_9800-l-c
business_145ac
catalyst_9800-l
aironet_1830i
aironet_1850e
aironet_1850i
business_access_points
1111-8pwb
aironet_1830e
catalyst_9800-40
1111-4pwe
1117-4plteeawe
1113-8plteeawe
1116-4pwe
1116-4plteeawe
1117-4pmlteeawe
1111-8plteeawb
catalyst_9800-80
aironet_1815
business_240ac
access_points
aironet_access_point_software
catalyst_9800-l-f
business_140ac
1117-4pwe
1117-4pmwe
1113-8pmwe

CWE

CWE-400

Uncontrolled Resource Consumption

8.6 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2020-3559

8.6^/10

7.8^/10

Attach tags to `CVE-2020-3559`