First published: Thu Sep 24 2020(Updated: )
A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Wireless LAN Controller | >=8.9<8.10.112.0 | |
Cisco 1111-4pwe | ||
Cisco 1111-8plteeawb | ||
Cisco 1111-8pwb | ||
Cisco 1113-8plteeawe | ||
Cisco 1113-8pmwe | ||
Cisco 1113-8pwe | ||
Cisco 1116-4plteeawe | ||
Cisco 1116-4pwe | ||
Cisco 1117-4plteeawe | ||
Cisco 1117-4pmlteeawe | ||
Cisco 1117-4pmwe | ||
Cisco 1117-4pwe | ||
Cisco Aironet 1815 | ||
Cisco Aironet 1830e | ||
Cisco Aironet 1830i | ||
Cisco Aironet 1850e | ||
Cisco Aironet 1850i | ||
Cisco Business 140ac | ||
Cisco Business 145ac | ||
Cisco Business 240ac | ||
Cisco Business Access Points | >=10.0<10.1.1.0 | |
Cisco Access Points | <16.12.4a | |
Cisco Catalyst 9800-40 | ||
Cisco Catalyst 9800-80 | ||
Cisco Catalyst 9800-cl | ||
Cisco Catalyst 9800-l | ||
Cisco Catalyst 9800-l-c | ||
Cisco Catalyst 9800-l-f | ||
Cisco Aironet Access Point Software | =8.5\(151.0\) | |
Cisco Aironet Access Point Software | =17.2.0.26 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-3559 is a vulnerability in Cisco Aironet Access Point (AP) Software that could allow an unauthenticated remote attacker to cause a device to reload.
The vulnerability is due to improper handling of clients trying to connect to the AP.
The severity of CVE-2020-3559 is high with a CVSS score of 8.6.
The affected software versions are Cisco Wireless LAN Controller 8.9 to 8.10.112.0.
To fix the vulnerability, it is recommended to upgrade the Cisco Aironet Access Point (AP) Software to a version that is not vulnerable.