Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability
Description
An unauthenticated, adjacent attacker can terminate valid Wi-Fi client sessions by sending spoofed 802.11w Protected Management Frames to Catalyst 9800 controllers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2020-3206 affects Cisco Catalyst 9800 Series Wireless Controllers running Cisco IOS XE Software. The vulnerability resides in the handling of IEEE 802.11w Protected Management Frames (PMFs). The affected software does not properly validate received 802.11w disassociation and deauthentication PMFs, allowing spoofed frames to be processed as legitimate [1].
Exploitation
An attacker must be adjacent to the wireless network (in physical or logical proximity) and needs no authentication credentials. The attacker sends a spoofed 802.11w disassociation or deauthentication PMF that appears to originate from a valid, authenticated client. Because the controller fails to validate the PMF, it terminates the targeted client's connection [1]. No user interaction is required beyond the client being actively associated.
Impact
Successful exploitation results in a denial of service (DoS) condition: a single valid user connection is terminated. The attacker cannot execute code, elevate privileges, or access data; the impact is limited to disconnecting one authenticated client from the wireless controller [1].
Mitigation
Cisco released software updates on the date of the advisory (June 3, 2020) to address this vulnerability. Customers should upgrade to a fixed Cisco IOS XE Software release as indicated by the Cisco Software Checker [1]. No workarounds are described; organizations should prioritize patching affected Catalyst 9800 controllers.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: n/a
Patches
No patches discovered yet.
References
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-dos-AnvKvMxR (mitre, vendor-advisory, x_refsource_CISCO)