A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition.
Attack Vector Adjacent Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
User Interaction None
Attack Vector Adjacent Network
Attack Complexity Low
Privileges Required None
Scope Changed
Confidentiality Impact None
Integrity Impact None
Availability Impact High
User Interaction None
Access Vector Adjacent Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
AV:A/AC:L/Au:N/C:N/I:N/A:C
Vendors | Products |
---|---|
Cisco |
|
Configuration 1 [-]
AND |
|
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dclass-dos-VKh9D8k3 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2020-09-24T00:00:00
Updated: 2020-09-24T17:55:54
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3428
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-24T18:15:19.387
Modified: 2023-05-22T18:57:24.750
Link: CVE-2020-3428
JSON object: View
Redhat Information
No data.