Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-CAPWAP-DOS-SHFZXF
HistorySep 24, 2020 - 4:00 p.m.

Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability

2020-09-2416:00:00
tools.cisco.com
19
cisco
catalyst 9800
capwap
vulnerability
dos
software
update

EPSS

0.002

Percentile

52.7%

JSON

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device.

The vulnerability is due to insufficient input validation during CAPWAP packet processing. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device, resulting in a buffer over-read. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-ShFzXf [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-ShFzXf”]

This advisory is part of the September 24, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 25 Cisco Security Advisories that describe 34 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74268”].

Affected configurations

Vulners
Node
ciscocisco_ios_xe_softwareMatch16.6
OR
ciscocisco_ios_xe_softwareMatch16.10
OR
ciscocisco_ios_xe_softwareMatch16.11
OR
ciscocisco_ios_xe_softwareMatch16.12
OR
ciscocisco_ios_xe_softwareMatch17.1
OR
ciscocisco_ios_xe_softwareMatchany
OR
ciscocisco_ios_xe_softwareMatch16.6.8
OR
ciscocisco_ios_xe_softwareMatch16.10.1
OR
ciscocisco_ios_xe_softwareMatch16.10.1s
OR
ciscocisco_ios_xe_softwareMatch16.10.1e
OR
ciscocisco_ios_xe_softwareMatch16.11.1
OR
ciscocisco_ios_xe_softwareMatch16.11.1a
OR
ciscocisco_ios_xe_softwareMatch16.11.1b
OR
ciscocisco_ios_xe_softwareMatch16.11.2
OR
ciscocisco_ios_xe_softwareMatch16.11.1c
OR
ciscocisco_ios_xe_softwareMatch16.12.1
OR
ciscocisco_ios_xe_softwareMatch16.12.1s
OR
ciscocisco_ios_xe_softwareMatch16.12.2s
OR
ciscocisco_ios_xe_softwareMatch16.12.1t
OR
ciscocisco_ios_xe_softwareMatch16.12.2t
OR
ciscocisco_ios_xe_softwareMatch17.1.1
OR
ciscocisco_ios_xe_softwareMatch17.1.1s
OR
ciscocisco_ios_xe_softwareMatch17.1.1t
OR
ciscocisco_ios_xe_softwareMatchany
VendorProductVersionCPE
ciscocisco_ios_xe_software16.6cpe:2.3:a:cisco:cisco_ios_xe_software:16.6:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.10cpe:2.3:a:cisco:cisco_ios_xe_software:16.10:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.11cpe:2.3:a:cisco:cisco_ios_xe_software:16.11:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.12cpe:2.3:a:cisco:cisco_ios_xe_software:16.12:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.1cpe:2.3:a:cisco:cisco_ios_xe_software:17.1:*:*:*:*:*:*:*
ciscocisco_ios_xe_softwareanycpe:2.3:a:cisco:cisco_ios_xe_software:any:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.6.8cpe:2.3:a:cisco:cisco_ios_xe_software:16.6.8:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.10.1cpe:2.3:a:cisco:cisco_ios_xe_software:16.10.1:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.10.1scpe:2.3:a:cisco:cisco_ios_xe_software:16.10.1s:*:*:*:*:*:*:*
ciscocisco_ios_xe_software16.10.1ecpe:2.3:a:cisco:cisco_ios_xe_software:16.10.1e:*:*:*:*:*:*:*
Rows per page:
1-10 of 231

Related

nvd 1
prion 1
cvelist 1
cve 1
nvd
nvd
CVE-2020-3399
2020-09-24 18:15:17
prion
prion
Input validation
2020-09-24 18:15:00
cvelist
cvelist
CVE-2020-3399 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
2020-09-24 18:02:22
cve
cve
CVE-2020-3399
2020-09-24 18:15:17

EPSS

0.002

Percentile

52.7%

JSON
Related for CISCO-SA-CAPWAP-DOS-SHFZXF
nvd1prion1cvelist1cve1