CVE-2020-3399

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers (affected versions not specified)

Description: The issue is related to errors in processing input data in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. This could allow a remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation during CAPWAP packet processing, which can be exploited by sending a crafted CAPWAP packet to an affected device, resulting in a buffer over-read. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.