8.6

CVE-2020-3560

A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.

Data is provided by the National Vulnerability Database (NVD)
CiscoWireless Lan Controller Version >= 8.9 < 8.10.112.0
   Cisco1111-4pwe Version-
   Cisco1111-8plteeawb Version-
   Cisco1111-8pwb Version-
   Cisco1113-8plteeawe Version-
   Cisco1113-8pmwe Version-
   Cisco1113-8pwe Version-
   Cisco1116-4plteeawe Version-
   Cisco1116-4pwe Version-
   Cisco1117-4plteeawe Version-
   Cisco1117-4pmlteeawe Version-
   Cisco1117-4pmwe Version-
   Cisco1117-4pwe Version-
   CiscoAironet 1542d Version-
   CiscoAironet 1542i Version-
   CiscoAironet 1562d Version-
   CiscoAironet 1562e Version-
   CiscoAironet 1562i Version-
   CiscoAironet 1815 Version-
   CiscoAironet 1830e Version-
   CiscoAironet 1830i Version-
   CiscoAironet 1850e Version-
   CiscoAironet 1850i Version-
   CiscoAironet 2800e Version-
   CiscoAironet 2800i Version-
   CiscoAironet 3800e Version-
   CiscoAironet 3800i Version-
   CiscoAironet 3800p Version-
   CiscoAironet 4800 Version-
   CiscoBusiness 140ac Version-
   CiscoBusiness 145ac Version-
   CiscoBusiness 240ac Version-
   CiscoCatalyst 9105 Version-
   CiscoCatalyst 9115 Version-
   CiscoCatalyst 9117 Version-
   CiscoCatalyst 9120 Version-
   CiscoCatalyst 9130 Version-
   CiscoCatalyst Iw6300 Version-
   CiscoEsw-6300-con-x-k9 Version-
CiscoWireless Lan Controller Software Version < 8.5.161.0
   Cisco1111-4pwe Version-
   Cisco1111-8plteeawb Version-
   Cisco1111-8pwb Version-
   Cisco1113-8plteeawe Version-
   Cisco1113-8pmwe Version-
   Cisco1113-8pwe Version-
   Cisco1116-4plteeawe Version-
   Cisco1116-4pwe Version-
   Cisco1117-4plteeawe Version-
   Cisco1117-4pmlteeawe Version-
   Cisco1117-4pmwe Version-
   Cisco1117-4pwe Version-
   CiscoAironet 1542d Version-
   CiscoAironet 1542i Version-
   CiscoAironet 1562d Version-
   CiscoAironet 1562e Version-
   CiscoAironet 1562i Version-
   CiscoAironet 1815 Version-
   CiscoAironet 1830e Version-
   CiscoAironet 1830i Version-
   CiscoAironet 1850e Version-
   CiscoAironet 1850i Version-
   CiscoAironet 2800e Version-
   CiscoAironet 2800i Version-
   CiscoAironet 3800e Version-
   CiscoAironet 3800i Version-
   CiscoAironet 3800p Version-
   CiscoAironet 4800 Version-
   CiscoBusiness 140ac Version-
   CiscoBusiness 145ac Version-
   CiscoBusiness 240ac Version-
   CiscoCatalyst 9105 Version-
   CiscoCatalyst 9115 Version-
   CiscoCatalyst 9117 Version-
   CiscoCatalyst 9120 Version-
   CiscoCatalyst 9130 Version-
   CiscoCatalyst Iw6300 Version-
   CiscoEsw-6300-con-x-k9 Version-
CiscoWireless Lan Controller Software Version >= 8.6 < 8.8.130.0
   Cisco1111-4pwe Version-
   Cisco1111-8plteeawb Version-
   Cisco1111-8pwb Version-
   Cisco1113-8plteeawe Version-
   Cisco1113-8pmwe Version-
   Cisco1113-8pwe Version-
   Cisco1116-4plteeawe Version-
   Cisco1116-4pwe Version-
   Cisco1117-4plteeawe Version-
   Cisco1117-4pmlteeawe Version-
   Cisco1117-4pmwe Version-
   Cisco1117-4pwe Version-
   CiscoAironet 1542d Version-
   CiscoAironet 1542i Version-
   CiscoAironet 1562d Version-
   CiscoAironet 1562e Version-
   CiscoAironet 1562i Version-
   CiscoAironet 1815 Version-
   CiscoAironet 1830e Version-
   CiscoAironet 1830i Version-
   CiscoAironet 1850e Version-
   CiscoAironet 1850i Version-
   CiscoAironet 2800e Version-
   CiscoAironet 2800i Version-
   CiscoAironet 3800e Version-
   CiscoAironet 3800i Version-
   CiscoAironet 3800p Version-
   CiscoAironet 4800 Version-
   CiscoBusiness 140ac Version-
   CiscoBusiness 145ac Version-
   CiscoBusiness 240ac Version-
   CiscoCatalyst 9105 Version-
   CiscoCatalyst 9115 Version-
   CiscoCatalyst 9117 Version-
   CiscoCatalyst 9120 Version-
   CiscoCatalyst 9130 Version-
   CiscoCatalyst Iw6300 Version-
   CiscoEsw-6300-con-x-k9 Version-
CiscoBusiness Access Points Version >= 10.0 < 10.1.1.0
CiscoAccess Points Version < 16.12.4a
   CiscoCatalyst 9800-40 Version-
   CiscoCatalyst 9800-80 Version-
   CiscoCatalyst 9800-cl Version-
   CiscoCatalyst 9800-l Version-
   CiscoCatalyst 9800-l-c Version-
   CiscoCatalyst 9800-l-f Version-
CiscoAironet Access Point Software Version8.5(154.27)
   CiscoAironet 1850e Version-
   CiscoAironet 1850i Version-
CiscoAironet Access Point Software Version8.8(125.0)
   CiscoAironet 1850e Version-
   CiscoAironet 1850i Version-
CiscoAironet Access Point Software Version8.10(105.0)
   CiscoAironet 1850e Version-
   CiscoAironet 1850i Version-
CiscoAironet Access Point Software Version8.10(105.4)
   CiscoAironet 1850e Version-
   CiscoAironet 1850i Version-
CiscoAironet Access Point Software Version17.1.2.6
   CiscoAironet 1850e Version-
   CiscoAironet 1850i Version-
CiscoAironet Access Point Software Version17.1.2.9
   CiscoAironet 1850e Version-
   CiscoAironet 1850i Version-
CiscoAironet Access Point Software Version17.2.0.37
   CiscoAironet 1850e Version-
   CiscoAironet 1850i Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.16% 0.766
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com 8.6 3.9 4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.