CVE-2020-3559

A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

CVSS v3 8.6 HIGH
CVSS v2.0 7.8 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1111-4pwe:-:::::::*
	cpe:2.3:h:cisco:1111-8plteeawb:-:::::::*
	cpe:2.3:h:cisco:1111-8pwb:-:::::::*
	cpe:2.3:h:cisco:1113-8plteeawe:-:::::::*
	cpe:2.3:h:cisco:1113-8pmwe:-:::::::*
	cpe:2.3:h:cisco:1113-8pwe:-:::::::*
	cpe:2.3:h:cisco:1116-4plteeawe:-:::::::*
	cpe:2.3:h:cisco:1116-4pwe:-:::::::*
	cpe:2.3:h:cisco:1117-4plteeawe:-:::::::*
	cpe:2.3:h:cisco:1117-4pmlteeawe:-:::::::*
	cpe:2.3:h:cisco:1117-4pmwe:-:::::::*
	cpe:2.3:h:cisco:1117-4pwe:-:::::::*
	cpe:2.3:h:cisco:aironet_1815:-:::::::*
	cpe:2.3:h:cisco:aironet_1830e:-:::::::*
	cpe:2.3:h:cisco:aironet_1830i:-:::::::*
	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*
	cpe:2.3:h:cisco:business_140ac:-:::::::*
	cpe:2.3:h:cisco:business_145ac:-:::::::*
	cpe:2.3:h:cisco:business_240ac:-:::::::*

Configuration 2 (hide)

cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:cisco:aironet_access_point_software:8.5\(151.0\):::::::*
	cpe:2.3:a:cisco:aironet_access_point_software:17.2.0.26:::::::*

OR	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*

History

No history.

Information

Published : 2020-09-24 18:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-3559

Mitre link : CVE-2020-3559

CVE.ORG link : CVE-2020-3559

JSON object : View

Products Affected

cisco

1113-8plteeawe
access_points
catalyst_9800-40
1111-8pwb
1117-4pwe
1116-4pwe
catalyst_9800-cl
wireless_lan_controller
1117-4pmlteeawe
catalyst_9800-l-f
1117-4plteeawe
aironet_1830e
aironet_1850i
business_140ac
aironet_1815
aironet_1830i
1116-4plteeawe
business_145ac
aironet_access_point_software
1117-4pmwe
1113-8pwe
business_access_points
aironet_1850e
catalyst_9800-80
1113-8pmwe
catalyst_9800-l-c
catalyst_9800-l
1111-8plteeawb
business_240ac
1111-4pwe

CWE

CWE-400

Uncontrolled Resource Consumption

8.6 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2020-3559

8.6^/10

7.8^/10

Attach tags to `CVE-2020-3559`