Multiple vulnerabilities in Cisco Aironet products

1) Input validation error

EUVDB-ID: #VU53154

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-24586

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the 802.11 standard due to the affected device does not clear its cache/memory to remove fragments of an incomplete MSDU/MMPDU from previous session after reconnection/reassociation. A remote attacker on the local network can perform a fragment cache attack and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

ESR6300 Embedded Series Routers: All versions

Cisco Catalyst IW 6300: All versions

Cisco Aironet 3800 Series Access Points: All versions

Cisco Aironet 2800 Series Access Points: All versions

Cisco Aironet 1560 Series Access Points: All versions

Cisco 4800 Aironet Access Points: All versions

CPE2.3

• cpe:2.3:h:cisco_systems:esr6300_embedded_series_routers:*:*:*:*:*:*:*:*

External links

http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24423
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24441

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Spoofing attack

EUVDB-ID: #VU53098

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-24588

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

ESR6300 Embedded Series Routers: All versions

Cisco Catalyst IW 6300: All versions

Cisco Aironet 3800 Series Access Points: All versions

Cisco Aironet 2800 Series Access Points: All versions

Cisco Aironet 1560 Series Access Points: All versions

Cisco 4800 Aironet Access Points: All versions

CPE2.3

• cpe:2.3:h:cisco_systems:esr6300_embedded_series_routers:*:*:*:*:*:*:*:*

External links

http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24423
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24441

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Input validation error

EUVDB-ID: #VU53167

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-26146

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. A remote attacker on the local network can exfiltrate selected fragments.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

ESR6300 Embedded Series Routers: All versions

Cisco Catalyst IW 6300: All versions

Cisco Aironet 3800 Series Access Points: All versions

Cisco Aironet 2800 Series Access Points: All versions

Cisco Aironet 1560 Series Access Points: All versions

Cisco 4800 Aironet Access Points: All versions

CPE2.3

• cpe:2.3:h:cisco_systems:esr6300_embedded_series_routers:*:*:*:*:*:*:*:*

External links

http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24423
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24441

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?