Multiple vulnerabilities in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family



Published: 2020-09-29
Risk Medium
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2020-3418
CVE-2020-3390
CVE-2020-3429
CVE-2020-3399
CVE-2020-3497
CVE-2020-3494
CVE-2020-3493
CVE-2020-3489
CVE-2020-3488
CVE-2020-3487
CVE-2020-3486
CVE-2020-3428
CWE-ID CWE-284
CWE-20
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Cisco Catalyst 9800 Wireless Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco Embedded Wireless Controller on Catalyst 9100 Access Points
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco IOS XE
Operating systems & Components / Operating system

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU47141

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3418

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to an incomplete access control list (ACL) being applied prior to RUN state. A remote attacker on the local network can send ICMPv6 traffic prior to RUN state.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst 9100 Access Points

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco Embedded Wireless Controller on Catalyst 9100 Access Points: All versions

Cisco IOS XE: 17.1.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-icmpv6-qb9eYyCR


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU47153

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3390

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Simple Network Management Protocol (SNMP) trap generation for wireless clients. A remote attacker on the local network can send an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection and perform a denial of service (DoS) attack.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst 9100 Access Points

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco Embedded Wireless Controller on Catalyst 9100 Access Points: All versions

Cisco IOS XE: 16.12.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU47152

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3429

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the WPA2 and WPA3 security implementation. A remote attacker on the local network can send a specially crafted authentication packet and perform a denial of service (DoS) attack.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco IOS XE: 16.12.1s

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wpa-dos-cXshjerc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU47151

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3399

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker can send a specially crafted CAPWAP packet, trigger an out-of-bounds read error and cause a denial of service condition on the system.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst 9100 Access Points

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco Embedded Wireless Controller on Catalyst 9100 Access Points: All versions

Cisco IOS XE: 16.12 - 16.12.2

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-ShFzXf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU47150

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3497

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst 9100 Access Points

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco Embedded Wireless Controller on Catalyst 9100 Access Points: All versions

Cisco IOS XE: Gibraltar 16.12.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU47149

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3494

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst 9100 Access Points

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco Embedded Wireless Controller on Catalyst 9100 Access Points: All versions

Cisco IOS XE: Gibraltar 16.12.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU47148

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3493

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst 9100 Access Points

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco Embedded Wireless Controller on Catalyst 9100 Access Points: All versions

Cisco IOS XE: Gibraltar 16.12.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU47147

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3489

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst 9100 Access Points

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco Embedded Wireless Controller on Catalyst 9100 Access Points: All versions

Cisco IOS XE: Gibraltar 16.12.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU47146

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3488

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst 9100 Access Points

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco Embedded Wireless Controller on Catalyst 9100 Access Points: All versions

Cisco IOS XE: Gibraltar 16.12.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU47145

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3487

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst 9100 Access Points

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco Embedded Wireless Controller on Catalyst 9100 Access Points: All versions

Cisco IOS XE: Gibraltar 16.12.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU47144

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3486

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Embedded Wireless Controller on Catalyst 9100 Access Points

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco Embedded Wireless Controller on Catalyst 9100 Access Points: All versions

Cisco IOS XE: Gibraltar 16.12.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU47142

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3428

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. A remote attacker on the local network can send a specially crafted HTTP packet and perform a denial of service (DoS) attack.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Catalyst 9800 Wireless Controller: All versions

Cisco IOS XE: 16.12.1s - 16.12.2

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dclass-dos-VKh9D8k3


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


