CVE-2020-3560

HIGH

Cisco Aironet Access Points - Unauthenticated Denial of Service via Crafted UDP Packets

Title source: llm

Description

A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y

Scores

CVSS v3 8.6

EPSS 0.0116

EPSS Percentile 78.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (11)

cisco/access_points < 16.12.4a

cisco/aironet_access_point_software 8.5\(154.27\)

cisco/aironet_access_point_software 8.8\(125.0\)

cisco/aironet_access_point_software 8.10\(105.0\)

cisco/aironet_access_point_software 8.10\(105.4\)

cisco/aironet_access_point_software 17.1.2.6

cisco/aironet_access_point_software 17.1.2.9

cisco/aironet_access_point_software 17.2.0.37

cisco/business_access_points 10.0 - 10.1.1.0

cisco/wireless_lan_controller 8.9 - 8.10.112.0

... and 1 more

Published Sep 24, 2020

Tracked Since Feb 18, 2026