CVE-2020-3559

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

8.6HIGH

EPSS

1.3%

top 20.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Access Points Cisco Business Access Points Cisco Wireless LAN Controller +2 more

Timeline

PublishedSep 24

Latest updateMay 24

Description

A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages5 packages

▶NVDcisco/aironet_access_point_software17.2.0.26, 8.5\(151.0\)+1

▶CVEListV5cisco/cisco_aironet_access_point_softwaren/a

▶NVDcisco/access_points< 16.12.4a

▶NVDcisco/business_access_points10.0 — 10.1.1.0

▶NVDcisco/wireless_lan_controller8.9 — 8.10.112.0

🔴Vulnerability Details

GHSA

GHSA-mmvp-2hg2-g76c: A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload↗2022-05-24

▶

CVEList

Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability↗2020-09-24

▶

📋Vendor Advisories

Cisco

Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability↗2020-09-24

▶