CVE-2020-3552

EPSS 0.1%
Published 24.09.2020 18:15:21
Last modified 21.11.2024 05:31:18
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Wireless Lan Controller Version >= 8.6 < 8.10.105.0

   Cisco ≫ Aironet 1542d Version-
   Cisco ≫ Aironet 1542i Version-
   Cisco ≫ Aironet 1562d Version-
   Cisco ≫ Aironet 1562e Version-
   Cisco ≫ Aironet 1562i Version-
   Cisco ≫ Aironet 1810 Version-
   Cisco ≫ Aironet 1815 Version-
   Cisco ≫ Aironet 1830e Version-
   Cisco ≫ Aironet 1830i Version-
   Cisco ≫ Aironet 1840 Version-
   Cisco ≫ Aironet 1850e Version-
   Cisco ≫ Aironet 1850i Version-
   Cisco ≫ Aironet 2800e Version-
   Cisco ≫ Aironet 2800i Version-
   Cisco ≫ Aironet 3800e Version-
   Cisco ≫ Aironet 3800i Version-
   Cisco ≫ Aironet 3800p Version-
   Cisco ≫ Aironet 4800 Version-

Cisco ≫ Business Access Points Version >= 10.0 < 10.1.1.0

Cisco ≫ Access Points Version < 16.12.4a

   Cisco ≫ Catalyst 9800-40 Version-
   Cisco ≫ Catalyst 9800-80 Version-
   Cisco ≫ Catalyst 9800-cl Version-
   Cisco ≫ Catalyst 9800-l Version-
   Cisco ≫ Catalyst 9800-l-c Version-
   Cisco ≫ Catalyst 9800-l-f Version-

Cisco ≫ Aironet Access Point Software Version8.10(1.255)

Cisco ≫ Aironet 1850e Version-
Cisco ≫ Aironet 1850i Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.249

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.4	2.8	4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	6.1	6.5	6.9	AV:A/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com	7.4	2.8	4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3552

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3552

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3552

EUVD