SB2020092905 - Multiple vulnerabilities in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family
Published: September 29, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2020-3418)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to an incomplete access control list (ACL) being applied prior to RUN state. A remote attacker on the local network can send ICMPv6 traffic prior to RUN state.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst 9100 Access Points
2) Input validation error (CVE-ID: CVE-2020-3390)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Simple Network Management Protocol (SNMP) trap generation for wireless clients. A remote attacker on the local network can send an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection and perform a denial of service (DoS) attack.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst 9100 Access Points
3) Input validation error (CVE-ID: CVE-2020-3429)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the WPA2 and WPA3 security implementation. A remote attacker on the local network can send a specially crafted authentication packet and perform a denial of service (DoS) attack.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
4) Out-of-bounds read (CVE-ID: CVE-2020-3399)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker can send a specially crafted CAPWAP packet, trigger out-of-bounds read error and cause a denial of service condition on the system.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst 9100 Access Points
5) Input validation error (CVE-ID: CVE-2020-3497)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst 9100 Access Points
6) Input validation error (CVE-ID: CVE-2020-3494)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst 9100 Access Points
7) Input validation error (CVE-ID: CVE-2020-3493)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst 9100 Access Points
8) Input validation error (CVE-ID: CVE-2020-3489)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst 9100 Access Points
9) Input validation error (CVE-ID: CVE-2020-3488)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst 9100 Access Points
10) Input validation error (CVE-ID: CVE-2020-3487)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst 9100 Access Points
11) Input validation error (CVE-ID: CVE-2020-3486)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Embedded Wireless Controller on Catalyst 9100 Access Points
12) Input validation error (CVE-ID: CVE-2020-3428)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. A remote attacker on the local network can send a specially crafted HTTP packet and perform a denial of service (DoS) attack.
This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-icmpv6-qb9eYyCR
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wpa-dos-cXshjerc
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-ShFzXf
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dclass-dos-VKh9D8k3