CVE-2023-20112

CWE-126 — Buffer Over-read CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 46.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Business 150ax Firmware Cisco Business 151axm Firmware Cisco Catalyst 9105ax Firmware +29 more

Timeline

PublishedMar 23

Description

A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of an affe…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages32 packages

▶CVEListV5cisco/cisco_aironet_access_point_softwaren/a

▶NVDcisco/catalyst_9115_firmware< 10.3.2.0

▶NVDcisco/catalyst_9117_firmware< 10.3.2.0

▶NVDcisco/catalyst_9120_firmware< 10.3.2.0

▶NVDcisco/catalyst_9124_firmware< 10.3.2.0

🔴Vulnerability Details

CVEList

Cisco Access Point Software Association Request Denial of Service Vulnerability↗2023-03-23

▶

GHSA

GHSA-4xqr-rhvf-w2gg: A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on↗2023-03-23

▶

📋Vendor Advisories

Cisco

Cisco Access Point Software Association Request Denial of Service Vulnerability↗2023-03-22

▶