What is CVE-2020-3560?

CVE-2020-3560 is a vulnerability in Cisco Aironet Access Points (APs) that can allow an unauthenticated remote attacker to cause a denial of service (DoS) on an affected device.

How severe is CVE-2020-3560?

CVE-2020-3560 has a severity rating of 8.6 (high).

How does CVE-2020-3560 work?

CVE-2020-3560 is caused by improper resource management while processing specific packets, allowing an attacker to exploit the vulnerability and cause a DoS.

Which devices are affected by CVE-2020-3560?

Cisco Aironet Access Points (APs) running certain versions of Cisco Wireless LAN Controller, Cisco Wireless LAN Controller Software, and Cisco Access Points are affected by CVE-2020-3560.

How can I fix CVE-2020-3560?

To fix CVE-2020-3560, it is recommended to update the affected Cisco Aironet Access Points (APs) to a version that addresses the vulnerability.

Vulnerability/
CVE-2020-3560

high

8.6

CWE

400

24/9/2020

17/9/2024

CVE-2020-3560: Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability

First published: Thu Sep 24 2020(Updated: )

A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Wireless LAN Controller	>=8.9<8.10.112.0
Cisco Wireless LAN Controller Software	<8.5.161.0
Cisco Wireless LAN Controller Software	>=8.6<8.8.130.0
Cisco 1111-4pwe
Cisco 1111-8plteeawb
Cisco 1111-8pwb
Cisco 1113-8plteeawe
Cisco 1113-8pmwe
Cisco 1113-8pwe
Cisco 1116-4plteeawe
Cisco 1116-4pwe
Cisco 1117-4plteeawe
Cisco 1117-4pmlteeawe
Cisco 1117-4pmwe
Cisco 1117-4pwe
Cisco Aironet 1542d
Cisco Aironet 1542i
Cisco Aironet 1562d
Cisco Aironet 1562e
Cisco Aironet 1562i
Cisco Aironet 1815
Cisco Aironet 1830e
Cisco Aironet 1830i
Cisco Aironet 1850e
Cisco Aironet 1850i
Cisco Aironet 2800e
Cisco Aironet 2800i
Cisco Aironet 3800e
Cisco Aironet 3800i
Cisco Aironet 3800p
Cisco Aironet 4800
Cisco Business 140ac
Cisco Business 145ac
Cisco Business 240ac
Cisco Catalyst 9105
Cisco Catalyst 9115
Cisco Catalyst 9117
Cisco Catalyst 9120
Cisco Catalyst 9130
Cisco Catalyst Iw6300
Cisco Esw-6300-con-x-k9
Cisco Business Access Points	>=10.0<10.1.1.0
Cisco Access Points	<16.12.4a
Cisco Catalyst 9800-40
Cisco Catalyst 9800-80
Cisco Catalyst 9800-cl
Cisco Catalyst 9800-l
Cisco Catalyst 9800-l-c
Cisco Catalyst 9800-l-f
Cisco Aironet Access Point Software	=8.5\(154.27\)
Cisco Aironet Access Point Software	=8.8\(125.0\)
Cisco Aironet Access Point Software	=8.10\(105.0\)
Cisco Aironet Access Point Software	=8.10\(105.4\)
Cisco Aironet Access Point Software	=17.1.2.6
Cisco Aironet Access Point Software	=17.1.2.9
Cisco Aironet Access Point Software	=17.2.0.37

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y

Frequently Asked Questions

What is CVE-2020-3560?
CVE-2020-3560 is a vulnerability in Cisco Aironet Access Points (APs) that can allow an unauthenticated remote attacker to cause a denial of service (DoS) on an affected device.
How severe is CVE-2020-3560?
CVE-2020-3560 has a severity rating of 8.6 (high).
How does CVE-2020-3560 work?
CVE-2020-3560 is caused by improper resource management while processing specific packets, allowing an attacker to exploit the vulnerability and cause a DoS.
Which devices are affected by CVE-2020-3560?
Cisco Aironet Access Points (APs) running certain versions of Cisco Wireless LAN Controller, Cisco Wireless LAN Controller Software, and Cisco Access Points are affected by CVE-2020-3560.
How can I fix CVE-2020-3560?
To fix CVE-2020-3560, it is recommended to update the affected Cisco Aironet Access Points (APs) to a version that addresses the vulnerability.

agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/author
agent/references
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/last-modified-date
agent/first-publish-date
agent/tags
agent/event
vendor/cisco
canonical/cisco wireless lan controller
version/cisco wireless lan controller/8.9
canonical/cisco wireless lan controller software
version/cisco wireless lan controller software/8.6
canonical/cisco 1111-4pwe
canonical/cisco 1111-8plteeawb
canonical/cisco 1111-8pwb
canonical/cisco 1113-8plteeawe
canonical/cisco 1113-8pmwe
canonical/cisco 1113-8pwe
canonical/cisco 1116-4plteeawe
canonical/cisco 1116-4pwe
canonical/cisco 1117-4plteeawe
canonical/cisco 1117-4pmlteeawe
canonical/cisco 1117-4pmwe
canonical/cisco 1117-4pwe
canonical/cisco aironet 1542d
canonical/cisco aironet 1542i
canonical/cisco aironet 1562d
canonical/cisco aironet 1562e
canonical/cisco aironet 1562i
canonical/cisco aironet 1815
canonical/cisco aironet 1830e
canonical/cisco aironet 1830i
canonical/cisco aironet 1850e
canonical/cisco aironet 1850i
canonical/cisco aironet 2800e
canonical/cisco aironet 2800i
canonical/cisco aironet 3800e
canonical/cisco aironet 3800i
canonical/cisco aironet 3800p
canonical/cisco aironet 4800
canonical/cisco business 140ac
canonical/cisco business 145ac
canonical/cisco business 240ac
canonical/cisco catalyst 9105
canonical/cisco catalyst 9115
canonical/cisco catalyst 9117
canonical/cisco catalyst 9120
canonical/cisco catalyst 9130
canonical/cisco catalyst iw6300
canonical/cisco esw-6300-con-x-k9
canonical/cisco business access points
version/cisco business access points/10.0
canonical/cisco access points
canonical/cisco catalyst 9800-40
canonical/cisco catalyst 9800-80
canonical/cisco catalyst 9800-cl
canonical/cisco catalyst 9800-l
canonical/cisco catalyst 9800-l-c
canonical/cisco catalyst 9800-l-f
canonical/cisco aironet access point software
version/cisco aironet access point software/8.5\(154.27\)
version/cisco aironet access point software/8.8\(125.0\)
version/cisco aironet access point software/8.10\(105.0\)
version/cisco aironet access point software/8.10\(105.4\)
version/cisco aironet access point software/17.1.2.6
version/cisco aironet access point software/17.1.2.9
version/cisco aironet access point software/17.2.0.37