#VU87900 Improper Cleanup on Thrown Exception in Cisco Systems, Inc Hardware solutions


Published: 2024-03-28

Vulnerability identifier: #VU87900

Vulnerability risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20354

CWE-ID: CWE-460

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
800 and 1900 Series ISR Integrated Access Points
Other software / Other software solutions
Aironet 1700 Series Access Points
Other software / Other software solutions
Aironet 2700 Series Access Points
Other software / Other software solutions
Aironet 3700 Series Access Points
Other software / Other software solutions
Industrial Wireless 3700 Series
Other software / Other software solutions
Wireless LAN Controller Software
Other software / Other software solutions
Aironet 1530 Series Outdoor Access Points
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aironet 1552 Outdoor Access Points
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aironet 1570 Series Outdoor Access Points
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 9800 Series Wireless Controller Software
Hardware solutions / Firmware

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incomplete cleanup of resources when dropping certain malformed frames. A remote attacker on the local network can cause degradation of service to other clients and cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

800 and 1900 Series ISR Integrated Access Points: All versions

Aironet 1530 Series Outdoor Access Points: All versions

Aironet 1552 Outdoor Access Points: All versions

Aironet 1570 Series Outdoor Access Points: All versions

Aironet 1700 Series Access Points: All versions

Aironet 2700 Series Access Points: All versions

Aironet 3700 Series Access Points: All versions

Industrial Wireless 3700 Series: All versions

Wireless LAN Controller Software: 8.5.171.0 - 8.10.130.0

Catalyst 9800 Series Wireless Controller Software: 16.12.4a - 17.12

External links
http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-ap-dos-PPPtcVW

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Denial of service in Cisco Aironet Access Point Software