CVE-2020-3206

EPSS 0.13%
Published 03.06.2020 18:15:18
Last modified 21.11.2024 05:30:33
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF from a valid, authenticated client on a network adjacent to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Xe Version16.10.1

Cisco ≫ Ios Xe Version16.10.1e

Cisco ≫ Ios Xe Version16.10.1s

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.296

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.7	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P
psirt@cisco.com	4.7	2.8	1.4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-dos-AnvKvMxR

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3206

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3206

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3206

EUVD