VDB
CVE-2020-3206
CVE-2020-3206
PUBLISHED
CVSS 4.699999809265137 MEDIUM
A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF from a valid, authenticated client on a network adjacent to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device.
EPSS 0.13% · 32.5th percentile
Risk Scores
CVSS 3.0
4.699999809265137
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
EPSS Score
0.13%
32.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ios_xe | 16.10.1e, 16.10.1s, 16.10.1 |
| Cisco | Cisco IOS XE Software 16.10.1 | n/a |
Exploit Intelligence
Timeline
- Jun 3, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 9, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score