First published: Thu Sep 24 2020(Updated: )
A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device. A successful exploit could cause a device to reload, resulting in a DoS condition.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE | =16.12.1 | |
Cisco 2610xm | ||
Cisco 2611xm | ||
Cisco 2612 | ||
Cisco 2620xm | ||
Cisco 2621xm | ||
Cisco 2650xm | ||
Cisco 2651xm | ||
Cisco 2691 | ||
Cisco Catalyst 9800-40 | ||
Cisco Catalyst 9800-80 | ||
Cisco Catalyst 9800-cl | ||
Cisco Catalyst 9800-l | ||
Cisco Catalyst 9800-l-c | ||
Cisco Catalyst 9800-l-f |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco IOS XE Software vulnerability is CVE-2020-3359.
CVE-2020-3359 has a severity level of 8.6 (high).
The affected software for CVE-2020-3359 is Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers version 16.12.1.
An attacker can exploit CVE-2020-3359 by sending malicious multicast DNS packets to the vulnerable device.
Yes, Cisco has released a security advisory with mitigation details for CVE-2020-3359. Please refer to the official advisory for more information.