CVE-2020-3552 - Vulnerability Details

A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Access Points Aironet 1542d Aironet 1542i Aironet 1562d Aironet 1562e Aironet 1562i Aironet 1810 Aironet 1815 Aironet 1830e Aironet 1830i Aironet 1840 Aironet 1850e Aironet 1850i Aironet 2800e Aironet 2800i Aironet 3800e Aironet 3800i Aironet 3800p Aironet 4800 Aironet Access Point Software Business Access Points Catalyst 9800-40 Catalyst 9800-80 Catalyst 9800-cl Catalyst 9800-l Catalyst 9800-l-c Catalyst 9800-l-f Wireless Lan Controller

Configuration 1 [-]

AND

cpe:2.3:o:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:aironet_1542d:-:::::::*
	cpe:2.3:h:cisco:aironet_1542i:-:::::::*
	cpe:2.3:h:cisco:aironet_1562d:-:::::::*
	cpe:2.3:h:cisco:aironet_1562e:-:::::::*
	cpe:2.3:h:cisco:aironet_1562i:-:::::::*
	cpe:2.3:h:cisco:aironet_1810:-:::::::*
	cpe:2.3:h:cisco:aironet_1815:-:::::::*
	cpe:2.3:h:cisco:aironet_1830e:-:::::::*
	cpe:2.3:h:cisco:aironet_1830i:-:::::::*
	cpe:2.3:h:cisco:aironet_1840:-:::::::*
	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*
	cpe:2.3:h:cisco:aironet_2800e:-:::::::*
	cpe:2.3:h:cisco:aironet_2800i:-:::::::*
	cpe:2.3:h:cisco:aironet_3800e:-:::::::*
	cpe:2.3:h:cisco:aironet_3800i:-:::::::*
	cpe:2.3:h:cisco:aironet_3800p:-:::::::*
	cpe:2.3:h:cisco:aironet_4800:-:::::::*

Configuration 2 [-]

cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:a:cisco:aironet_access_point_software:8.10\(1.255\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:aironet_1850e:-:::::::*
	cpe:2.3:h:cisco:aironet_1850i:-:::::::*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-09-24T17:51:08.669654Z

Updated: 2024-11-13T18:01:45.175Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3552

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-09-24T18:15:21.900

Modified: 2024-11-21T05:31:18.000

Link: CVE-2020-3552

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object