1. Home
  2. CVE Database
  3. CVE-2020-3273
HIGH · 7.5

CVE-2020-3273

A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an ...

Vulnerability Description

A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS). The vulnerability is due to incomplete input validation of the 802.11 GAS frames that are processed by an affected device. An attacker could exploit this vulnerability by sending a crafted 802.11 GAS frame over the air to an access point (AP), and that frame would then be relayed to the affected WLC. Also, an attacker with Layer 3 connectivity to the WLC could exploit this vulnerability by sending a malicious 802.11 GAS payload in a Control and Provisioning of Wireless Access Points (CAPWAP) packet to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
Cisco5508 Wireless Controller Firmware8.5\(151.0\)
Cisco5508 Wireless Controller-
Cisco5520 Wireless Controller Firmware8.5\(151.0\)
Cisco5520 Wireless Controller-

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2020-3273?

CVE-2020-3273 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an ...

How severe is CVE-2020-3273?

CVE-2020-3273 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3273?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco 5508 Wireless Controller Firmware, Cisco 5508 Wireless Controller, Cisco 5520 Wireless Controller Firmware, Cisco 5520 Wireless Controller.