Cisco Aironet AP Software Vulnerability Could Lead to Denial of Service
CVE-2024-20354

7.4HIGH

Key Information:

Vendor: Cisco
Status: Cisco Aironet Access Point Software; Cisco Aironet Access Point Software (ios Xe Controller)
Vendor: CVE Published:; 27 March 2024

What is CVE-2024-20354?

A vulnerability exists in the Cisco Aironet Access Point Software that permits an unauthenticated attacker in close proximity to induce a denial of service (DoS) condition. This is due to insufficient resource cleanup when certain malformed encrypted wireless frames are dropped. An attacker could exploit this by connecting as a wireless client to the compromised access point and sending crafted malformed frames. The result could lead to service disruption for other connected clients, effectively compromising the reliability of the wireless network.

Affected Version(s)

Cisco Aironet Access Point Software

Cisco Aironet Access Point Software (IOS XE Controller)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Nov 8, 2023