CVE-2020-3429

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family (affected versions not specified)

Description: A vulnerability in the WPA2 and WPA3 security implementation could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The issue is due to incorrect packet processing during the WPA2 and WPA3 authentication handshake when configured for dot1x or pre-shared key (PSK) authentication key management (AKM) with 802.11r BSS Fast Transition (FT) enabled. An attacker could exploit this by sending a crafted authentication packet to an affected device, potentially causing it to reload and resulting in a DoS condition. Valid credentials for dot1x or PSK AKM to access the WLAN are required to exploit this vulnerability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.