Main Vulnerability Database Vulnerabilities #VU47149

Input validation error in Cisco Systems, Inc products - CVE-2020-3494

Published: September 29, 2020

Vulnerability identifier: #VU47149

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-3494

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Cisco Catalyst 9800 Wireless Controller
Cisco Embedded Wireless Controller on Catalyst 9100 Access Points
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. A remote attacker on the local network can send a specially crafted CAPWAP packet and perform a denial of service (DoS) attack.

This vulnerability affects the following products running a vulnerable release of Cisco IOS XE Software:

Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
Catalyst 9800 Series Wireless Controllers
Embedded Wireless Controller on Catalyst 9100 Access Points

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq

Input validation error in Cisco Systems, Inc products - CVE-2020-3494

Description

Remediation

External links

Please verify you're human