CVE-2024-20354

EPSS 0.06%
Veröffentlicht 27.03.2024 17:15:53
Zuletzt bearbeitet 13.08.2025 17:18:10
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device.

 This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Wireless Lan Controller Software Version >= 8.5.171.0 < 8.6.0.0

   Cisco ≫ Aironet 1530e Version-
   Cisco ≫ Aironet 1530i Version-
   Cisco ≫ Aironet 1552h Version-
   Cisco ≫ Aironet 1552s Version-
   Cisco ≫ Aironet 1552wu Version-
   Cisco ≫ Aironet 1700i Version-
   Cisco ≫ Aironet 2700e Version-
   Cisco ≫ Aironet 2700i Version-
   Cisco ≫ Aironet 3700e Version-
   Cisco ≫ Aironet 3700i Version-
   Cisco ≫ Aironet 3700p Version-
   Cisco ≫ Ap801 Version-
   Cisco ≫ Ap802 Version-
   Cisco ≫ Ap803 Version-
   Cisco ≫ Iw3700 Version-

Cisco ≫ Wireless Lan Controller Software Version >= 8.10.130.0 < 8.10.190.81

Cisco ≫ Ios Xe Version >= 16.12.4a < 17.1.0

Cisco ≫ Ios Xe Version >= 17.3.0 < 17.3.9

Cisco ≫ Ios Xe Version >= 17.4.0 < 17.6.7

Cisco ≫ Ios Xe Version >= 17.7.0 < 17.9.5

Cisco ≫ Ios Xe Version >= 17.10.0 < 17.12.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.193

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.4	2.8	4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
psirt@cisco.com	4.7	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-460 Improper Cleanup on Thrown Exception

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-ap-dos-PPPtcVW

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-20354

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20354

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20354

EUVD