Lucene search

[email protected]CVE-2023-20112

HistoryMar 23, 2023 - 5:15 p.m.

CVE-2023-20112

2023-03-2317:15:15

CWE-126

CWE-125

[email protected]

web.nvd.nist.gov

cisco

ap software

vulnerability

denial of service

dos

adjacent attacker

802.11 frames

nvd

7.4 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of an affected device, resulting in a DoS condition.

Affected configurations

NVD

Node

ciscobusiness_150ax_firmwareRange<10.3.2.0

AND

ciscobusiness_150axMatch-

Node

ciscobusiness_151axm_firmwareRange<10.3.2.0

AND

ciscobusiness_151axmMatch-

Node

ciscocatalyst_9105ax_firmwareRange<10.3.2.0

AND

ciscocatalyst_9105axMatch-

Node

ciscocatalyst_9105axi_firmwareRange<10.3.2.0

AND

ciscocatalyst_9105axiMatch-

Node

ciscocatalyst_9105axw_firmwareRange<10.3.2.0

AND

ciscocatalyst_9105axwMatch-

Node

ciscocatalyst_9105i_firmwareRange<10.3.2.0

AND

ciscocatalyst_9105iMatch-

Node

ciscocatalyst_9105w_firmwareRange<10.3.2.0

AND

ciscocatalyst_9105wMatch-

Node

ciscocatalyst_9115_firmwareRange<10.3.2.0

AND

ciscocatalyst_9115Match-

Node

ciscocatalyst_9115ax_firmwareRange<10.3.2.0

AND

ciscocatalyst_9115axMatch-

Node

ciscocatalyst_9115axe_firmwareRange<10.3.2.0

AND

ciscocatalyst_9115axeMatch-

Node

ciscocatalyst_9115axi_firmwareRange<10.3.2.0

AND

ciscocatalyst_9115axiMatch-

Node

ciscocatalyst_9117_firmwareRange<10.3.2.0

AND

ciscocatalyst_9117Match-

Node

ciscocatalyst_9117ax_firmwareRange<10.3.2.0

AND

ciscocatalyst_9117axMatch-

Node

ciscocatalyst_9117axi_firmwareRange<10.3.2.0

AND

ciscocatalyst_9117axiMatch-

Node

ciscocatalyst_9120_firmwareRange<10.3.2.0

AND

ciscocatalyst_9120Match-

Node

ciscocatalyst_9120ax_firmwareRange<10.3.2.0

AND

ciscocatalyst_9120axMatch-

Node

ciscocatalyst_9120axe_firmwareRange<10.3.2.0

AND

ciscocatalyst_9120axeMatch-

Node

ciscocatalyst_9120axi_firmwareRange<10.3.2.0

AND

ciscocatalyst_9120axiMatch-

Node

ciscocatalyst_9120axp_firmwareRange<10.3.2.0

AND

ciscocatalyst_9120axpMatch-

Node

ciscocatalyst_9124_firmwareRange<10.3.2.0

AND

ciscocatalyst_9124Match-

Node

ciscocatalyst_9124ax_firmwareRange<10.3.2.0

AND

ciscocatalyst_9124axMatch-

Node

ciscocatalyst_9124axd_firmwareRange<10.3.2.0

AND

ciscocatalyst_9124axdMatch-

Node

ciscocatalyst_9124axi_firmwareRange<10.3.2.0

AND

ciscocatalyst_9124axiMatch-

Node

ciscocatalyst_9130_firmwareRange<10.3.2.0

AND

ciscocatalyst_9130Match-

Node

ciscocatalyst_9130ax_firmwareRange<10.3.2.0

AND

ciscocatalyst_9130axMatch-

Node

ciscocatalyst_9130axe_firmwareRange<10.3.2.0

AND

ciscocatalyst_9130axeMatch-

Node

ciscocatalyst_9130axi_firmwareRange<10.3.2.0

AND

ciscocatalyst_9130axiMatch-

Node

ciscocatalyst_9136_firmwareRange<10.3.2.0

AND

ciscocatalyst_9136Match-

Node

ciscocatalyst_9162_firmwareRange<10.3.2.0

AND

ciscocatalyst_9162Match-

Node

ciscocatalyst_9164_firmwareRange<10.3.2.0

AND

ciscocatalyst_9164Match-

Node

ciscocatalyst_9166_firmwareRange<10.3.2.0

AND

ciscocatalyst_9166Match-

CPENameOperatorVersion
cisco:business_150ax_firmwarecisco business 150ax firmwarelt10.3.2.0

CPE	Name	Operator	Version
cisco:business_150ax_firmware	cisco business 150ax firmware	lt	10.3.2.0

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Aironet Access Point Software ",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-D2SunWK2

7.4 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2023-20112

prion1 cisco1 cvelist1 nvd1