Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3486

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.

Published

2020-09-24T18:15:20.197

Last Modified

2024-11-21T05:31:10.100

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:N/I:N/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

6.5

Impact Score

6.9

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe	-	Yes
Hardware	cisco	catalyst_9105	-	No
Hardware	cisco	catalyst_9115	-	No
Hardware	cisco	catalyst_9117	-	No
Hardware	cisco	catalyst_9120	-	No
Hardware	cisco	catalyst_9130	-	No
Hardware	cisco	catalyst_9800-40	-	No
Hardware	cisco	catalyst_9800-80	-	No
Hardware	cisco	catalyst_9800-cl	-	No
Hardware	cisco	catalyst_9800-l	-	No
Hardware	cisco	catalyst_9800_embedded_wireless_controller	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)