Cisco Aironet APs Vulnerability Overview

This threat report is about a vulnerability recently discovered in Cisco Aironet Access Points (APs) known as CVE-2020-3560 and includes actionable mitigation intelligence.

An attacker may utilize this vulnerability to cause a Denial of Service (DoS) state on the targeted AP. Due to its high availability impact, this vulnerability can cause varying levels of downtime depending on the asset priority of the AP affected.

Cisco has released software updates that remediate this vulnerability in the affected products.

Related Reading: CDPwn: Five Cisco Vulnerabilities

Tactics, Techniques, and Procedures

This vulnerability is due to improper resource management by the affected Cisco Aironet Access Points (APs) while processing certain packets. An attacker may leverage this vulnerability by sending a sequence of crafted UDP packets to a specified port on a vulnerable AP.

There are two different security issues presented by this vulnerability which are referred to as CSCvr85614 and CSCvr85609. The attack vectors are similar to each other and both are remediated through the patch code available in recently released updates from Cisco (noted below).

Both weaknesses can be exploited by an attacker connected over the network. A vulnerable AP will be susceptible regardless of its deployment model.

The exploitation of CSCvr85614 will cause the AP to lose connection to the wireless LAN controller. Depending on the APS configuration, this could lead to loss of the client network or radio resets.

Exploitation of CSCvr85609 will cause the AP to unexpectedly reload, triggering a DoS state.

Related Reading: Cisco Webex Meetings Desktop App Vulnerability

Affected CISCO Products

  • Cisco Aironet 1540 Series APs
  • Cisco Aironet 1560 Series APs
  • Cisco Aironet 1800 Series APs
  • Cisco Aironet 2800 Series APs
  • Cisco Aironet 3800 Series APs
  • Cisco Aironet 4800 APs
  • Cisco Business 100 Series APs and Mesh Extenders
  • Cisco Business 200 Series APs
  • Cisco Catalyst 9100 APs
  • Cisco Catalyst IW 6300 APs
  • Cisco ESW6300 Series APs
  • Cisco Integrated Access Point on 1100 Integrated Services Routers

How the Cisco Aironet APs Vulnerability Affects You

Exploitation will lead to loss of connection to network resources and could lead to exceptional company production downtime depending on the AP targeted and length of the attack.

What You Can Do About CVE-2020-3560

If your company uses one of the affected Cisco Aironet products, we recommend verifying that your devices are running at the latest patch level to remediate this vulnerability in your environment. You can stay up-to-date with security issues that directly involve Cisco products on Cisco’s Security Advisories page.

Sources and Other Helpful Information

IBM X-Force Exchange


Cisco Security Advisory

MITRE ATT&CK Techniques

Contact us for more information about Avertium’s managed security service capabilities. 

This image has an empty alt attribute; its file name is 8-Steps-to-Take-if-Breached-featured-min.jpg

8 Steps to Take if You've Been Breached

With the prevalence, severity, and sophistication of cybersecurity attacks growing by the day, businesses of all types and sizes are scrambling to protect themselves. This best practices guide takes you through the 8 essential steps to managing a data breach. Download now.

Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.

This informed analysis is based on the latest data available.

Chat With One of Our Experts

Threat Report Cisco Vulnerabilities vulnerability management Threat Detection and Response Cisco Blog