CVE-2024-20354

CWE-4604 documents4 sources

Severity

7.4HIGH

EPSS

0.0%

top 87.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Cisco Wireless LAN Controller Software Cisco Cisco Aironet Access Point Software +1 more

Timeline

PublishedMar 27

Description

A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A success…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDcisco/wireless_lan_controller_software8.5.171.0 — 8.6.0.0+1

▶CVEListV5cisco/cisco_aironet_access_point_softwareN/A

▶CVEListV5cisco/cisco_aironet_access_point_software_(ios_xe_controller)N/A

▶NVDcisco/ios_xe16.12.4a — 17.1.0+4

🔴Vulnerability Details

CVEList

CVE-2024-20354: A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent atta↗2024-03-27

▶

GHSA

GHSA-55h4-826f-9gpq: A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent atta↗2024-03-27

▶

📋Vendor Advisories

Cisco

Cisco Aironet Access Point Software Resource Exhaustion Denial of Service Vulnerability↗2024-03-27

▶