ID

VAR-202009-1182


CVE

CVE-2020-3559


TITLE

Cisco Aironet Access Point  Resource depletion vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-011830

DESCRIPTION

A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload. Cisco Aironet Access Points (aps) is a network access point device of Cisco (Cisco)

Trust: 1.71

sources: NVD: CVE-2020-3559 // JVNDB: JVNDB-2020-011830 // VULHUB: VHN-181684

AFFECTED PRODUCTS

vendor:ciscomodel:business access pointsscope:ltversion:10.1.1.0

Trust: 1.0

vendor:ciscomodel:access pointsscope:ltversion:16.12.4a

Trust: 1.0

vendor:ciscomodel:aironet access point softwarescope:eqversion:17.2.0.26

Trust: 1.0

vendor:ciscomodel:wireless lan controllerscope:gteversion:8.9

Trust: 1.0

vendor:ciscomodel:aironet access point softwarescope:eqversion:8.5\(151.0\)

Trust: 1.0

vendor:ciscomodel:business access pointsscope:gteversion:10.0

Trust: 1.0

vendor:ciscomodel:wireless lan controllerscope:ltversion:8.10.112.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco aironet アクセス ポイント ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco business access pointscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco access pointsscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco wireless lan controller ソフトウェアscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011830 // NVD: CVE-2020-3559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3559
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3559
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3559
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202009-1381
value: HIGH

Trust: 0.6

VULHUB: VHN-181684
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3559
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181684
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3559
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3559
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2020-3559
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181684 // JVNDB: JVNDB-2020-011830 // CNNVD: CNNVD-202009-1381 // NVD: CVE-2020-3559 // NVD: CVE-2020-3559

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:Resource exhaustion (CWE-400) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-181684 // JVNDB: JVNDB-2020-011830 // NVD: CVE-2020-3559

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1381

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1381

PATCH

title:cisco-sa-aironet-dos-h3DCuLXwurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-h3DCuLXw

Trust: 0.8

title:Cisco Aironet Access Points Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129751

Trust: 0.6

sources: JVNDB: JVNDB-2020-011830 // CNNVD: CNNVD-202009-1381

EXTERNAL IDS

db:NVDid:CVE-2020-3559

Trust: 2.5

db:JVNDBid:JVNDB-2020-011830

Trust: 0.8

db:AUSCERTid:ESB-2020.3271

Trust: 0.6

db:NSFOCUSid:49359

Trust: 0.6

db:CNNVDid:CNNVD-202009-1381

Trust: 0.6

db:VULHUBid:VHN-181684

Trust: 0.1

sources: VULHUB: VHN-181684 // JVNDB: JVNDB-2020-011830 // CNNVD: CNNVD-202009-1381 // NVD: CVE-2020-3559

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-aironet-dos-h3dculxw

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3559

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-aironet-access-point-overload-via-authentication-flood-33424

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3271/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49359

Trust: 0.6

sources: VULHUB: VHN-181684 // JVNDB: JVNDB-2020-011830 // CNNVD: CNNVD-202009-1381 // NVD: CVE-2020-3559

SOURCES

db:VULHUBid:VHN-181684
db:JVNDBid:JVNDB-2020-011830
db:CNNVDid:CNNVD-202009-1381
db:NVDid:CVE-2020-3559

LAST UPDATE DATE

2024-08-14T13:43:55.326000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181684date:2021-04-16T00:00:00
db:JVNDBid:JVNDB-2020-011830date:2021-04-15T07:51:00
db:CNNVDid:CNNVD-202009-1381date:2020-10-10T00:00:00
db:NVDid:CVE-2020-3559date:2021-04-16T15:01:40.010

SOURCES RELEASE DATE

db:VULHUBid:VHN-181684date:2020-09-24T00:00:00
db:JVNDBid:JVNDB-2020-011830date:2021-04-15T00:00:00
db:CNNVDid:CNNVD-202009-1381date:2020-09-24T00:00:00
db:NVDid:CVE-2020-3559date:2020-09-24T18:15:21.997