Unrated severityNVD Advisory· Published Mar 23, 2023· Updated Oct 25, 2024

Cisco Access Point Software Association Request Denial of Service Vulnerability

CVE-2023-20112

Description

A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of an affected device, resulting in a DoS condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A vulnerability in Cisco access point software allows an unauthenticated, adjacent attacker to cause a denial of service via a crafted 802.11 association request.

Vulnerability

A vulnerability in the 802.11 frame handling of Cisco access point (AP) software allows an unauthenticated, adjacent attacker to cause a denial of service. The issue is due to insufficient validation of certain parameters within 802.11 association request frames. Affected devices include various Cisco access point models running vulnerable firmware versions. [1]

Exploitation

An attacker can exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to the target access point. No authentication is required, and the attacker must be within wireless range of the device (adjacent network access). The crafted frame triggers an unexpected reload of the AP, causing a denial of service condition. [1]

Impact

Successful exploitation results in an unexpected reload of the affected Cisco access point, leading to a temporary denial of service. No other impact, such as information disclosure or remote code execution, has been reported.

Mitigation

Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain fixes through their usual update channels. For customers without contracts, please refer to the Cisco Security Advisory [1] for specific fixed versions and guidance. No workarounds are available.

References

Cisco Security Advisory: Cisco Access Point Software Association Request Denial of Service Vulnerability

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Cisco Access Point Softwarellm-create
Cisco Systems, Inc./Aironet Access Point Softwarecpe-rescue
Range: n/a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-D2SunWK2mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000