Multiple vulnerabilities in Cisco Catalyst 9117 APs and Catalyst 9130 APs
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-24586 CVE-2020-24588 CVE-2020-26146 |
| CWE-ID | CWE-20 CWE-451 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco Catalyst 9130 Series Access Points Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Catalyst 9117 Series Access Points Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU53154
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-24586
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the 802.11 standard due to the affected device does not clear its cache/memory to remove fragments of an incomplete MSDU/MMPDU from previous session after reconnection/reassociation. A remote attacker on the local network can perform a fragment cache attack and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco Catalyst 9130 Series Access Points: All versions
Cisco Catalyst 9117 Series Access Points: All versions
External linkshttp://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24428
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Spoofing attack
EUVDB-ID: #VU53098
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-24588
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco Catalyst 9130 Series Access Points: All versions
Cisco Catalyst 9117 Series Access Points: All versions
External linkshttp://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24428
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU53167
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-26146
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. A remote attacker on the local network can exfiltrate selected fragments.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco Catalyst 9130 Series Access Points: All versions
Cisco Catalyst 9117 Series Access Points: All versions
External linkshttp://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24428
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
