MEDIUM · 4.7

CVE-2024-20354

Vulnerability Description

A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition.

CVSS Score

4.7 (MEDIUM)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

| Metric | Value |
| --- | --- |
| Attack Vector | ADJACENT_NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality | NONE |
| Integrity | NONE |
| Availability | LOW |

Affected Products

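| Vendor | Product | Versions |
| --- | --- | --- |
| Cisco | Wireless LAN Controller Software | >= 8.5.171.0, < 8.6.0.0 |
| Cisco | Aironet 1530E | - |
| Cisco | Aironet 1530I | - |
| Cisco | Aironet 1552H | - |
| Cisco | Aironet 1552S | - |
| Cisco | Aironet 1552Wu | - |
| Cisco | Aironet 1700I | - |
| Cisco | Aironet 2700E | - |
| Cisco | Aironet 2700I | - |
| Cisco | Aironet 3700E | - |
| Cisco | Aironet 3700I | - |
| Cisco | Aironet 3700P | - |
| Cisco | AP801 | - |
| Cisco | AP802 | - |
| Cisco | AP803 | - |
| Cisco | IW3700 | - |
| Cisco | IOS XE | >= 16.12.4a, < 17.1.0 |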

Related Weaknesses (CWE)

References

FAQ

What is CVE-2024-20354?

CVE-2024-20354 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition ...

How severe is CVE-2024-20354?

CVE-2024-20354 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2024-20354?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wireless LAN Controller Software, Cisco Aironet 1530E, Cisco Aironet 1530I, Cisco Aironet 1552H, Cisco Aironet 1552S.