CVE-2020-3560

CVSS V2 High 7.8 CVSS V3 High 8.6
Description
A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.
Overview
  • CVE ID
  • CVE-2020-3560
  • Assigner
  • ykramarz@cisco.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2020-09-24T18:15:22
  • Last Modified Date
  • 2021-04-16T15:01:40
Weakness Enumerations
CWE URL
CWE-400 http://cwe.mitre.org/data/definitions/400.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:cisco:wireless_lan_controller:*:*:*:*:*:*:*:* 1 OR 8.9 8.10.112.0
cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:* 1 OR 8.5.161.0
cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:* 1 OR 8.6 8.8.130.0
cpe:2.3:h:cisco:1111-4pwe:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:1111-8plteeawb:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:1111-8pwb:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:1113-8plteeawe:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:1113-8pmwe:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:1113-8pwe:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:1116-4plteeawe:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:1116-4pwe:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:1117-4plteeawe:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:1117-4pmlteeawe:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:1117-4pmwe:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:1117-4pwe:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_1830e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_1830i:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:business_140ac:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:business_145ac:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:business_240ac:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:esw-6300-con-x-k9:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:* 1 OR 10.0 10.1.1.0
AND
cpe:2.3:o:cisco:access_points:*:*:*:*:*:*:*:* 1 OR 16.12.4a
cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:a:cisco:aironet_access_point_software:8.5\(154.27\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:aironet_access_point_software:8.8\(125.0\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:aironet_access_point_software:8.10\(105.0\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:aironet_access_point_software:8.10\(105.4\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:aironet_access_point_software:17.1.2.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:aironet_access_point_software:17.1.2.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:aironet_access_point_software:17.2.0.37:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cisco:aironet_1850e:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:aironet_1850i:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:N/I:N/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.8
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • CHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 8.6
  • Base Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 4
References
Reference URL Reference Tags
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2020-3560
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3560
History
Created Old Value New Value Data Type Notes
2022-05-10 07:15:36 Added to TrackCVE
2022-12-04 23:19:58 psirt@cisco.com ykramarz@cisco.com CVE Assigner updated
2022-12-04 23:19:58 2020-09-24T18:15Z 2020-09-24T18:15:22 CVE Published Date updated
2022-12-04 23:19:58 2021-04-16T15:01:40 CVE Modified Date updated
2022-12-04 23:19:58 Analyzed Vulnerability Status updated