CVE-2024-20271

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20271
A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:business_140ac:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:business_140ac_access_point:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:business_141acm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:business_142acm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:business_143acm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:business_145ac:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:business_145ac_access_point:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:business_240ac:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:business_150ax:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:business_150ax_access_point:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:business_151axm:-:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-03-27 17:15

Updated : 2025-08-06 13:45

NVD link : CVE-2024-20271

Mitre link : CVE-2024-20271

CVE.ORG link : CVE-2024-20271

JSON object : View

Products Affected

cisco

  • ios_xe
  • business_145ac
  • business_140ac_access_point
  • business_141acm
  • business_145ac_access_point
  • business_142acm
  • business_240ac
  • business_150ax_access_point
  • business_143acm
  • wireless_lan_controller_software
  • business_151axm
  • business_140ac
  • business_access_points
  • business_150ax
CWE
CWE-20

Improper Input Validation

NVD-CWE-Other