This threat report is about a vulnerability recently discovered in Cisco Aironet Access Points (APs) known as CVE-2020-3560 and includes actionable mitigation intelligence.
An attacker may utilize this vulnerability to cause a Denial of Service (DoS) state on the targeted AP. Due to its high availability impact, this vulnerability can cause varying levels of downtime depending on the asset priority of the AP affected.
Cisco has released software updates that remediate this vulnerability in the affected products.
Related Reading: CDPwn: Five Cisco Vulnerabilities
This vulnerability is due to improper resource management by the affected Cisco Aironet Access Points (APs) while processing certain packets. An attacker may leverage this vulnerability by sending a sequence of crafted UDP packets to a specified port on a vulnerable AP.
There are two different security issues presented by this vulnerability which are referred to as CSCvr85614 and CSCvr85609. The attack vectors are similar to each other and both are remediated through the patch code available in recently released updates from Cisco (noted below).
Both weaknesses can be exploited by an attacker connected over the network. A vulnerable AP will be susceptible regardless of its deployment model.
The exploitation of CSCvr85614 will cause the AP to lose connection to the wireless LAN controller. Depending on the APS configuration, this could lead to loss of the client network or radio resets.
Exploitation of CSCvr85609 will cause the AP to unexpectedly reload, triggering a DoS state.
Related Reading: Cisco Webex Meetings Desktop App Vulnerability
Exploitation will lead to loss of connection to network resources and could lead to exceptional company production downtime depending on the AP targeted and length of the attack.
If your company uses one of the affected Cisco Aironet products, we recommend verifying that your devices are running at the latest patch level to remediate this vulnerability in your environment. You can stay up-to-date with security issues that directly involve Cisco products on Cisco’s Security Advisories page.
With the prevalence, severity, and sophistication of cybersecurity attacks growing by the day, businesses of all types and sizes are scrambling to protect themselves. This best practices guide takes you through the 8 essential steps to managing a data breach. Download now.
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.