MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2024-20354

CVSS 4.7v3.1pub. 2024-03-27upd. 2025-08-13

A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
  • Cisco Aironet 1530e

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1530i

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1552h

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1552s

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1552wu

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 1700i

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 2700e

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 2700i

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 3700e

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 3700i

    HW
    Cisco
    wszystkie wersje
  • Cisco Aironet 3700p

    HW
    Cisco
    wszystkie wersje
  • Cisco Ap801

    HW
    Cisco
    wszystkie wersje
  • Cisco Ap802

    HW
    Cisco
    wszystkie wersje
  • Cisco Ap803

    HW
    Cisco
    wszystkie wersje
  • Cisco IOS XE

    OS
    Cisco
    17.10.0 – 17.12.2 (bez)17.3.0 – 17.3.9 (bez)17.4.0 – 17.6.7 (bez)17.7.0 – 17.9.5 (bez)16.12.4a – 17.1.0 (bez)
  • Cisco Iw3700

    HW
    Cisco
    wszystkie wersje
  • Cisco Wireless Lan Controller Software

    APP
    Cisco
    8.10.130.0 – 8.10.190.81 (bez)8.5.171.0 – 8.6.0.0 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2023-20198CRITICAL10.0⚠ KEVten sam produkt

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...

CVE-2018-0151CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software coul...

CVE-2017-3881CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE S...

CVE-2025-20363CRITICAL9.0PL ✓ten sam produkt

RCE w web services Cisco ASA, FTD, IOS, IOS XE, IOS XR przez HTTP

CVE-2025-20188CRITICAL10.0PL ✓ten sam produkt

Cisco IOS XE WLC — nieuwierzytelniony upload plików i RCE przez hardcoded JWT