CVE-2020-3206Improper Input Validation in Cisco IOS XE Software 16.10.1

CWE-20Improper Input Validation4 documents4 sources
Severity
4.7MEDIUMNVD
EPSS
0.1%
top 67.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE Software 16.10.1Cisco IOS XE
Timeline
PublishedJun 3
Latest updateMay 24

Description

A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 80

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/ios_xe16.10.1, 16.10.1e, 16.10.1s+2

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-jqh5-88rr-f29q: A vulnerability in the handling of IEEE 8022022-05-24
CVEList
Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability2020-06-03

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability2020-06-03
CVE-2020-3206 — Improper Input Validation in Cisco | cvebase