Resource exhaustion in Cisco Systems, Inc products - CVE-2020-3559
Published: September 24, 2020 / Updated: September 29, 2020
Vulnerability identifier: #VU47139
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3559
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Aironet 1800 Series Access Points
Cisco Small Business 100 Series Wireless Access Points
Cisco Small Business 200 Series Smart Switches
Integrated Access Point on 1100 Integrated Services Routers
Cisco Catalyst 9800 Wireless Controller
Cisco Business Access Points
Cisco Wireless LAN Controller
Cisco Aironet 1800 Series Access Points
Cisco Small Business 100 Series Wireless Access Points
Cisco Small Business 200 Series Smart Switches
Integrated Access Point on 1100 Integrated Services Routers
Cisco Catalyst 9800 Wireless Controller
Cisco Business Access Points
Cisco Wireless LAN Controller
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send authentication requests, trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.