CVE-2024-20271

Name of the Vulnerable Software and Affected Versions Cisco Access Point (AP) Software (affected versions not specified) Cisco Aironet Access Points (AP) (affected versions not specified) Cisco Wireless LAN Controller (WLC) (affected versions not specified)

Description A vulnerability in the IP packet processing could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This issue is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this by sending a crafted IPv4 packet either to or through an affected device, causing it to reload unexpectedly and resulting in a DoS condition. The attacker does not need to be associated with the affected AP to exploit this vulnerability, and it cannot be exploited by sending IPv6 packets.

Recommendations For Cisco Access Point (AP) Software, consider disabling the IP packet processing feature until a patch is available. For Cisco Aironet Access Points (AP) and Cisco Wireless LAN Controller (WLC), restrict access to the IP packet processing module to minimize the risk of exploitation. Avoid using IPv4 packets in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.