CVE-2023-20112 - Vulnerability Details

A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of an affected device, resulting in a DoS condition.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00059.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco Aironet Access Point Software

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:cisco:business_150ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:business_150ax:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:business_151axm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:business_151axm:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:catalyst_9105ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9105ax:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:catalyst_9105axi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:catalyst_9105axw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9105axw:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cisco:catalyst_9105i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9105i:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:cisco:catalyst_9105w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9105w:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:cisco:catalyst_9115_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:cisco:catalyst_9115ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9115ax:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:cisco:catalyst_9115axe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:cisco:catalyst_9115axi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:cisco:catalyst_9117_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:cisco:catalyst_9117ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9117ax:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:cisco:catalyst_9117axi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:cisco:catalyst_9120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:cisco:catalyst_9120ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9120ax:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:cisco:catalyst_9120axe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:cisco:catalyst_9120axi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:cisco:catalyst_9120axp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:cisco:catalyst_9124_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:cisco:catalyst_9124ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9124ax:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:cisco:catalyst_9124axd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9124axd:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:cisco:catalyst_9124axi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9124axi:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:cisco:catalyst_9130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:cisco:catalyst_9130ax_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9130ax:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:cisco:catalyst_9130axe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:cisco:catalyst_9130axi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:cisco:catalyst_9136_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9136:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:cisco:catalyst_9162_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9162:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:cisco:catalyst_9164_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9164:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:cisco:catalyst_9166_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9166:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Cisco Subscribe	Business 150ax Subscribe Business 150ax Firmware Subscribe Business 151axm Subscribe Business 151axm Firmware Subscribe Catalyst 9105ax Subscribe Catalyst 9105ax Firmware Subscribe Catalyst 9105axi Subscribe Catalyst 9105axi Firmware Subscribe Catalyst 9105axw Subscribe Catalyst 9105axw Firmware Subscribe Catalyst 9105i Subscribe Catalyst 9105i Firmware Subscribe Catalyst 9105w Subscribe Catalyst 9105w Firmware Subscribe Catalyst 9115 Subscribe Catalyst 9115 Firmware Subscribe Catalyst 9115ax Subscribe Catalyst 9115ax Firmware Subscribe Catalyst 9115axe Subscribe Catalyst 9115axe Firmware Subscribe Catalyst 9115axi Subscribe Catalyst 9115axi Firmware Subscribe Catalyst 9117 Subscribe Catalyst 9117 Firmware Subscribe Catalyst 9117ax Subscribe Catalyst 9117ax Firmware Subscribe Catalyst 9117axi Subscribe Catalyst 9117axi Firmware Subscribe Catalyst 9120 Subscribe Catalyst 9120 Firmware Subscribe Catalyst 9120ax Subscribe Catalyst 9120ax Firmware Subscribe Catalyst 9120axe Subscribe Catalyst 9120axe Firmware Subscribe Catalyst 9120axi Subscribe Catalyst 9120axi Firmware Subscribe Catalyst 9120axp Subscribe Catalyst 9120axp Firmware Subscribe Catalyst 9124 Subscribe Catalyst 9124 Firmware Subscribe Catalyst 9124ax Subscribe Catalyst 9124ax Firmware Subscribe Catalyst 9124axd Subscribe Catalyst 9124axd Firmware Subscribe Catalyst 9124axi Subscribe Catalyst 9124axi Firmware Subscribe Catalyst 9130 Subscribe Catalyst 9130 Firmware Subscribe Catalyst 9130ax Subscribe Catalyst 9130ax Firmware Subscribe Catalyst 9130axe Subscribe Catalyst 9130axe Firmware Subscribe Catalyst 9130axi Subscribe Catalyst 9130axi Firmware Subscribe Catalyst 9136 Subscribe Catalyst 9136 Firmware Subscribe Catalyst 9162 Subscribe Catalyst 9162 Firmware Subscribe Catalyst 9164 Subscribe Catalyst 9164 Firmware Subscribe Catalyst 9166 Subscribe Catalyst 9166 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-24291	A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of an affected device, resulting in a DoS condition.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-D2SunWK2

History

Fri, 25 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-03-23T00:00:00

Updated: 2024-10-25T16:02:04.798Z

Reserved: 2022-10-27T00:00:00

Link: CVE-2023-20112

Vulnrichment

Updated: 2024-08-02T08:57:35.895Z

NVD

Status : Modified

Published: 2023-03-23T17:15:15.267

Modified: 2024-11-21T07:40:34.933

Link: CVE-2023-20112

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object