CVE-2020-3206 MEDIUM

CVE-2020-3206: Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability

Vendor Cisco
Product Cisco IOS XE Software 16.10.1
Weakness CWE-20 · Input validation
Published June 3, 2020
Last update November 15, 2024
View on NVD All CVEs

CVSS base score

4.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

What the vulnerability does

01Description

A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF from a valid, authenticated client on a network adjacent to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device.

Key dates

02Disclosure timeline

June 3, 2020 CVE published
November 15, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2018-25160 HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend CVE-2022-24086 Adobe Commerce checkout improper input validation leads to remote code execution CVE-2021-26624 eScan Anti-Virus Local privilege escalation Vulnerability CVE-2018-15460 Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability CVE-2021-26617 Gabia Firstmall remote code execution vulnerability