CVE-2020-3559: Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability
First published: Thu Sep 24 2020(Updated: )
A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Wireless LAN Controller | >=8.9<8.10.112.0 | |
| Cisco 1111-4pwe | ||
| Cisco 1111-8plteeawb | ||
| Cisco 1111-8pwb | ||
| Cisco 1113-8plteeawe | ||
| Cisco 1113-8pmwe | ||
| Cisco 1113-8pwe | ||
| Cisco 1116-4plteeawe | ||
| Cisco 1116-4pwe | ||
| Cisco 1117-4plteeawe | ||
| Cisco 1117-4pmlteeawe | ||
| Cisco 1117-4pmwe | ||
| Cisco 1117-4pwe | ||
| Cisco Aironet 1815 | ||
| Cisco Aironet 1830e | ||
| Cisco Aironet 1830i | ||
| Cisco Aironet 1850e | ||
| Cisco Aironet 1850i | ||
| Cisco Business 140ac | ||
| Cisco Business 145ac | ||
| Cisco Business 240ac | ||
| Cisco Business Access Points | >=10.0<10.1.1.0 | |
| Cisco Access Points | <16.12.4a | |
| Cisco Catalyst 9800-40 | ||
| Cisco Catalyst 9800-80 | ||
| Cisco Catalyst 9800-cl | ||
| Cisco Catalyst 9800-l | ||
| Cisco Catalyst 9800-l-c | ||
| Cisco Catalyst 9800-l-f | ||
| Cisco Aironet Access Point Software | =8.5\(151.0\) | |
| Cisco Aironet Access Point Software | =17.2.0.26 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3559?
CVE-2020-3559 is a vulnerability in Cisco Aironet Access Point (AP) Software that could allow an unauthenticated remote attacker to cause a device to reload.
How does the vulnerability in Cisco Aironet Access Point (AP) Software occur?
The vulnerability is due to improper handling of clients trying to connect to the AP.
What is the severity of CVE-2020-3559?
The severity of CVE-2020-3559 is high with a CVSS score of 8.6.
Which software versions are affected by CVE-2020-3559?
The affected software versions are Cisco Wireless LAN Controller 8.9 to 8.10.112.0.
How can I fix the CVE-2020-3559 vulnerability?
To fix the vulnerability, it is recommended to upgrade the Cisco Aironet Access Point (AP) Software to a version that is not vulnerable.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/cisco
- canonical/cisco wireless lan controller
- version/cisco wireless lan controller/8.9
- canonical/cisco 1111-4pwe
- canonical/cisco 1111-8plteeawb
- canonical/cisco 1111-8pwb
- canonical/cisco 1113-8plteeawe
- canonical/cisco 1113-8pmwe
- canonical/cisco 1113-8pwe
- canonical/cisco 1116-4plteeawe
- canonical/cisco 1116-4pwe
- canonical/cisco 1117-4plteeawe
- canonical/cisco 1117-4pmlteeawe
- canonical/cisco 1117-4pmwe
- canonical/cisco 1117-4pwe
- canonical/cisco aironet 1815
- canonical/cisco aironet 1830e
- canonical/cisco aironet 1830i
- canonical/cisco aironet 1850e
- canonical/cisco aironet 1850i
- canonical/cisco business 140ac
- canonical/cisco business 145ac
- canonical/cisco business 240ac
- canonical/cisco business access points
- version/cisco business access points/10.0
- canonical/cisco access points
- canonical/cisco catalyst 9800-40
- canonical/cisco catalyst 9800-80
- canonical/cisco catalyst 9800-cl
- canonical/cisco catalyst 9800-l
- canonical/cisco catalyst 9800-l-c
- canonical/cisco catalyst 9800-l-f
- canonical/cisco aironet access point software
- version/cisco aironet access point software/8.5\(151.0\)
- version/cisco aironet access point software/17.2.0.26