Resource exhaustion in Cisco Systems, Inc products - CVE-2020-3560
Published: September 24, 2020 / Updated: September 29, 2020
Vulnerability identifier: #VU47140
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3560
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco 4800 Aironet Access Points
Cisco Small Business 100 Series Wireless Access Points
Cisco Small Business 200 Series Smart Switches
Cisco Catalyst 9100
Cisco Catalyst IW 6300
Cisco ESW6300 Series Access Points
Integrated Access Point on 1100 Integrated Services Routers
Cisco Catalyst 9800 Wireless Controller
Cisco Business Access Points
Cisco Wireless LAN Controller
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco 4800 Aironet Access Points
Cisco Small Business 100 Series Wireless Access Points
Cisco Small Business 200 Series Smart Switches
Cisco Catalyst 9100
Cisco Catalyst IW 6300
Cisco ESW6300 Series Access Points
Integrated Access Point on 1100 Integrated Services Routers
Cisco Catalyst 9800 Wireless Controller
Cisco Business Access Points
Cisco Wireless LAN Controller
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of clients that are trying to connect to the AP. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.