CVE-2020-3273Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Wireless LAN Controller

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 29.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Wireless LAN ControllerCisco 5508 Wireless Controller FirmwareCisco 5520 Wireless Controller Firmware
Timeline
PublishedApr 15
Latest updateMay 24

Description

A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS). The vulnerability is due to incomplete input validation of the 802.11 GAS frames that are processed by an affected device. An attacker could exploit this vulnerability by sending a crafted 802.11 GAS frame over the air to an access p

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDcisco/5508_wireless_controller_firmware8.10\(204.92\), 8.5\(151.0\)+1
NVDcisco/5520_wireless_controller_firmware8.10\(204.92\), 8.5\(151.0\)+1

🔴Vulnerability Details

2
GHSA
GHSA-27gx-92r4-wr88: A vulnerability in the 8022022-05-24
CVEList
Cisco Wireless LAN Controller 802.11 Generic Advertisement Service Denial of Service Vulnerability2020-04-15

📋Vendor Advisories

1
Cisco
Cisco Wireless LAN Controller 802.11 Generic Advertisement Service Denial of Service Vulnerability2020-04-15
CVE-2020-3273 — Cisco vulnerability | cvebase