CVE-2020-3552 — HIGH (7.4) — White Hats Nepal

Q: How severe is CVE-2020-3552?

CVE-2020-3552 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-3552?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wireless Lan Controller, Cisco Aironet 1542D, Cisco Aironet 1542I, Cisco Aironet 1562D, Cisco Aironet 1562E.

Vulnerability Description

A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Wireless Lan Controller	>= 8.6, < 8.10.105.0
Cisco	Aironet 1542D	-
Cisco	Aironet 1542I	-
Cisco	Aironet 1562D	-
Cisco	Aironet 1562E	-
Cisco	Aironet 1562I	-
Cisco	Aironet 1810	-
Cisco	Aironet 1815	-
Cisco	Aironet 1830E	-
Cisco	Aironet 1830I	-
Cisco	Aironet 1840	-
Cisco	Aironet 1850E	-
Cisco	Aironet 1850I	-
Cisco	Aironet 2800E	-
Cisco	Aironet 2800I	-
Cisco	Aironet 3800E	-
Cisco	Aironet 3800I	-
Cisco	Aironet 3800P	-
Cisco	Aironet 4800	-
Cisco	Business Access Points	>= 10.0, < 10.1.1.0

Related Weaknesses (CWE)

CWE-476

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aVendor Advisory

FAQ

What is CVE-2020-3552?

CVE-2020-3552 is a vulnerability with a CVSS score of 7.4 (HIGH). A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affec...

How severe is CVE-2020-3552?

CVE-2020-3552 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3552?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wireless Lan Controller, Cisco Aironet 1542D, Cisco Aironet 1542I, Cisco Aironet 1562D, Cisco Aironet 1562E.