NULL pointer dereference in Cisco Systems, Inc products - CVE-2020-3552
Published: September 24, 2020 / Updated: September 29, 2020
Vulnerability identifier: #VU47136
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3552
CWE-ID: CWE-476
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco 1810 Aironet Access Points
Cisco Aironet 1850 Series Access Points
Cisco Aironet 1815 Series Access Points
Cisco Aironet 1840 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco Catalyst 9800 Wireless Controller
Cisco Business Access Points
Cisco Wireless LAN Controller
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco 1810 Aironet Access Points
Cisco Aironet 1850 Series Access Points
Cisco Aironet 1815 Series Access Points
Cisco Aironet 1840 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco Catalyst 9800 Wireless Controller
Cisco Business Access Points
Cisco Wireless LAN Controller
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.