Lucene search

CiscoCVE-2020-3390

HistorySep 24, 2020 - 6:15 p.m.

CVE-2020-3390

2020-09-2418:15:17

CWE-20

cisco

web.nvd.nist.gov

cisco

catalyst 9000

wireless controller

snmp

vulnerability

dos

nvd

cve-2020-3390

CVSS2

5.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:N/I:N/A:C

CVSS3

7.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

25.0%

JSON

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation of the information used to generate an SNMP trap in relation to a wireless client connection. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, causing a DoS condition.

Affected configurations

Nvd

Node

ciscoios_xeMatch16.12.1

AND

ciscocatalyst_9800-40Match-

ciscocatalyst_9800-80Match-

ciscocatalyst_9800-clMatch-

ciscocatalyst_9800-lMatch-

ciscocatalyst_9800-l-cMatch-

ciscocatalyst_9800-l-fMatch-

VendorProductVersionCPE
ciscoios_xe16.12.1cpe:2.3:a:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*
ciscocatalyst_9800-40-cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*
ciscocatalyst_9800-80-cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*
ciscocatalyst_9800-cl-cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*
ciscocatalyst_9800-l-cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*
ciscocatalyst_9800-l-c-cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*
ciscocatalyst_9800-l-f-cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	16.12.1	cpe:2.3:a:cisco:ios_xe:16.12.1:::::::*
cisco	catalyst_9800-40	-	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
cisco	catalyst_9800-80	-	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
cisco	catalyst_9800-cl	-	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
cisco	catalyst_9800-l	-	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
cisco	catalyst_9800-l-c	-	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
cisco	catalyst_9800-l-f	-	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K

Social References

CVSS2

5.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:N/I:N/A:C

CVSS3

7.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

25.0%

JSON

Related for CVE-2020-3390