#VU87882 Input validation error in Cisco Systems, Inc products - CVE-2024-20271
Published: March 28, 2024
Vulnerability identifier: #VU87882
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-20271
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
6300 Series Embedded Services Access Points
Aironet 4800 Access Points
Business 100 Series Mesh Extenders
Business 200 Series Access Points
Catalyst IW6300 Heavy Duty Series Access Points
Wireless LAN Controller Software
Cisco Aironet 1540 Series Access Points
Aironet 1560 Series Access Points
Aironet 1800 Series Access Points
Aironet 2800 Series Access Points
Aironet 3800 Series Access Points
Catalyst 9100 Access Points
Integrated Access Point on 1100 Integrated Services Routers
Wide Pluggable Form Factor Wi-Fi 6 AP Module for Industrial Routers
Catalyst 9800 Wireless Controller Software
Business Wireless Access Point Software
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the IP packet processing of Cisco Access Point (AP) Software. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.