Resource exhaustion in Cisco Systems, Inc products - CVE-2020-3559

 

Resource exhaustion in Cisco Systems, Inc products - CVE-2020-3559

Published: September 24, 2020 / Updated: September 29, 2020


Vulnerability identifier: #VU47139
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3559
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Aironet 1800 Series Access Points
Cisco Small Business 100 Series Wireless Access Points
Cisco Small Business 200 Series Smart Switches
Integrated Access Point on 1100 Integrated Services Routers
Cisco Catalyst 9800 Wireless Controller
Cisco Business Access Points
Cisco Wireless LAN Controller

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send authentication requests, trigger resource exhaustion and perform a denial of service (DoS) attack.


How to mitigate CVE-2020-3559

Install updates from vendor's website.

Sources