CVE Tools

CVE-2023-20112

Cisco Access Point Software Association Request Denial of Service Vulnerability

Published: Mar 23, 2023Updated: Nov 21, 2024 Sources: CVE List NVD BDUCWE-126

Patch Available

Description

A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of an affected device, resulting in a DoS condition.

CVSS Vector Breakdown

Exploitability

AV:AAttack Vector

Adjacent

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:NUser Interaction

None

Scope

S:CScope

Changed

Impact

C:NConfidentiality

None

I:NIntegrity

None

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

CWE-126 CWE-125

Affected Products

business 150ax firmware cisco Networking Infrastructure

business 151axm firmware cisco Networking Infrastructure

catalyst 9105ax firmware cisco Networking Infrastructure

catalyst 9105axi firmware cisco Networking Infrastructure

catalyst 9105axw firmware cisco Networking Infrastructure

ciscocommercialUSNetworking Infrastructureaka cisco systems, cisco systems inc.

and 31 more affected products View all →

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

0 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details

Official Patch Available

MITRE ATT&CK

1 technique

Collection

View detailed technique mapping

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-D2SunWK2

sec.cloudapps.cisco.com

Timeline

Published

Mar 23, 2023

Last Updated

Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2023-20112 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows