CVE-2023-20112

23.03.2023, 17:15

A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of an affected device, resulting in a DoS condition.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.4 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
cisco	CNA	7.4 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Vendor	Product	Version
cisco	business_150ax_firmware	𝑥 < 10.3.2.0
cisco	business_151axm_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9105ax_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9105axi_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9105axw_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9105i_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9105w_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9115_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9115ax_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9115axe_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9115axi_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9117_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9117ax_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9117axi_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9120_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9120ax_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9120axe_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9120axi_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9120axp_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9124_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9124ax_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9124axd_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9124axi_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9130_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9130ax_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9130axe_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9130axi_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9136_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9162_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9164_firmware	𝑥 < 10.3.2.0
cisco	catalyst_9166_firmware	𝑥 < 10.3.2.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-D2SunWK2