FKIE_CVE-2020-3552
Vulnerability from fkie_nvd - Published: 2020-09-24 18:15 - Updated: 2024-11-21 05:31
Severity ?
Summary
A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | wireless_lan_controller | * | |
| cisco | aironet_1542d | - | |
| cisco | aironet_1542i | - | |
| cisco | aironet_1562d | - | |
| cisco | aironet_1562e | - | |
| cisco | aironet_1562i | - | |
| cisco | aironet_1810 | - | |
| cisco | aironet_1815 | - | |
| cisco | aironet_1830e | - | |
| cisco | aironet_1830i | - | |
| cisco | aironet_1840 | - | |
| cisco | aironet_1850e | - | |
| cisco | aironet_1850i | - | |
| cisco | aironet_2800e | - | |
| cisco | aironet_2800i | - | |
| cisco | aironet_3800e | - | |
| cisco | aironet_3800i | - | |
| cisco | aironet_3800p | - | |
| cisco | aironet_4800 | - | |
| cisco | business_access_points | * | |
| cisco | access_points | * | |
| cisco | catalyst_9800-40 | - | |
| cisco | catalyst_9800-80 | - | |
| cisco | catalyst_9800-cl | - | |
| cisco | catalyst_9800-l | - | |
| cisco | catalyst_9800-l-c | - | |
| cisco | catalyst_9800-l-f | - | |
| cisco | aironet_access_point_software | 8.10\(1.255\) | |
| cisco | aironet_1850e | - | |
| cisco | aironet_1850i | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8EFE8F9-5E37-42DF-8658-574A5D9ECC6D",
"versionEndExcluding": "8.10.105.0",
"versionStartIncluding": "8.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB7510-2741-464A-8FC9-8419985E330F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE916B2-CAAD-4508-A47E-A7D4D88B077A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D717945-EE41-4D0F-86EF-90826EBE9C3E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99EAEA92-6589-4DFB-BC4B-8CBA425452D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D27AB201-342D-4517-9E05-6088598F4695",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36F923CF-D4EB-48F8-821D-8BB3A69ABB62",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BF9DDB-884D-47B5-A295-8BFA5207C412",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4590D445-B4B6-48E6-BF55-BEA6BA763410",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "848CC5CD-1982-4F31-A626-BD567E1C19F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A69CA9D6-914D-436F-AA81-B218CC312D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24E47788-9B54-42C5-AD83-428B22674575",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A333CD0B-4729-4E64-8B52-A3F5138F5B70",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "098A82FF-95F7-416A-BADD-C57CE81ACD32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD1D5813-9223-4B3F-9DE2-F3EF854FC927",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10D7583E-2B61-40F1-B9A6-701DA08F8CDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "945DDBE7-6233-416B-9BEE-7029F047E298",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED89428-750C-4C26-B2A1-E3D63F8B3F44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78149144-CCF5-4C71-B22D-45261C4ACABC",
"versionEndExcluding": "10.1.1.0",
"versionStartIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70B4ABE1-4F2F-478A-AA0E-8F293105FEBE",
"versionEndExcluding": "16.12.4a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:8.10\\(1.255\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D40D1D98-F662-4C7D-AEC8-C106209D7848",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24E47788-9B54-42C5-AD83-428B22674575",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A333CD0B-4729-4E64-8B52-A3F5138F5B70",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo de paquetes Ethernet de Cisco Aironet Access Points (APs) Software, podr\u00eda permitir a un atacante adyacente no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante la conexi\u00f3n como un cliente cableado a la interfaz Ethernet de un dispositivo afectado y mediante el env\u00edo de una serie de paquetes espec\u00edficos en un corto per\u00edodo de tiempo.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar un acceso al puntero NULL que resulte en una recarga del dispositivo afectado."
}
],
"id": "CVE-2020-3552",
"lastModified": "2024-11-21T05:31:18.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-24T18:15:21.900",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…