CVE-2020-3559

EPSS 1.28%
Published 24.09.2020 18:15:21
Last modified 21.11.2024 05:31:18
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Wireless Lan Controller Version >= 8.9 < 8.10.112.0

   Cisco ≫ 1111-4pwe Version-
   Cisco ≫ 1111-8plteeawb Version-
   Cisco ≫ 1111-8pwb Version-
   Cisco ≫ 1113-8plteeawe Version-
   Cisco ≫ 1113-8pmwe Version-
   Cisco ≫ 1113-8pwe Version-
   Cisco ≫ 1116-4plteeawe Version-
   Cisco ≫ 1116-4pwe Version-
   Cisco ≫ 1117-4plteeawe Version-
   Cisco ≫ 1117-4pmlteeawe Version-
   Cisco ≫ 1117-4pmwe Version-
   Cisco ≫ 1117-4pwe Version-
   Cisco ≫ Aironet 1815 Version-
   Cisco ≫ Aironet 1830e Version-
   Cisco ≫ Aironet 1830i Version-
   Cisco ≫ Aironet 1850e Version-
   Cisco ≫ Aironet 1850i Version-
   Cisco ≫ Business 140ac Version-
   Cisco ≫ Business 145ac Version-
   Cisco ≫ Business 240ac Version-

Cisco ≫ Business Access Points Version >= 10.0 < 10.1.1.0

Cisco ≫ Access Points Version < 16.12.4a

   Cisco ≫ Catalyst 9800-40 Version-
   Cisco ≫ Catalyst 9800-80 Version-
   Cisco ≫ Catalyst 9800-cl Version-
   Cisco ≫ Catalyst 9800-l Version-
   Cisco ≫ Catalyst 9800-l-c Version-
   Cisco ≫ Catalyst 9800-l-f Version-

Cisco ≫ Aironet Access Point Software Version8.5(151.0)

Cisco ≫ Aironet 1850e Version-
Cisco ≫ Aironet 1850i Version-

Cisco ≫ Aironet Access Point Software Version17.2.0.26

Cisco ≫ Aironet 1850e Version-
Cisco ≫ Aironet 1850i Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.28%	0.777

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com	6.8	2.2	4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3559

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3559

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3559

EUVD