CVE-2024-20271 - Vulnerability Details

A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Business 140ac Business 140ac Access Point Business 141acm Business 142acm Business 143acm Business 145ac Business 145ac Access Point Business 150ax Business 150ax Access Point Business 151axm Business 240ac Business Access Points Ios Xe Wireless Lan Controller Software

Configuration 1 [-]

OR	cpe:2.3:o:cisco:ios_xe::::::::
	cpe:2.3:o:cisco:ios_xe::::::::
	cpe:2.3:o:cisco:ios_xe::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

Configuration 2 [-]

AND

cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:business_140ac:-:::::::*
	cpe:2.3:h:cisco:business_140ac_access_point:-:::::::*
	cpe:2.3:h:cisco:business_141acm:-:::::::*
	cpe:2.3:h:cisco:business_142acm:-:::::::*
	cpe:2.3:h:cisco:business_143acm:-:::::::*
	cpe:2.3:h:cisco:business_145ac:-:::::::*
	cpe:2.3:h:cisco:business_145ac_access_point:-:::::::*
	cpe:2.3:h:cisco:business_240ac:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:a:cisco:business_access_points:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:business_150ax:-:::::::*
	cpe:2.3:h:cisco:business_150ax_access_point:-:::::::*
	cpe:2.3:h:cisco:business_151axm:-:::::::*

Configuration 4 [-]

cpe:2.3:o:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W

History

Wed, 06 Aug 2025 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco business 140ac Cisco business 140ac Access Point Cisco business 141acm Cisco business 142acm Cisco business 143acm Cisco business 145ac Cisco business 145ac Access Point Cisco business 150ax Cisco business 150ax Access Point Cisco business 151axm Cisco business 240ac Cisco business Access Points Cisco ios Xe Cisco wireless Lan Controller Software
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:cisco:business_access_points:::::::: cpe:2.3:h:cisco:business_140ac:-:::::::* cpe:2.3:h:cisco:business_140ac_access_point:-:::::::* cpe:2.3:h:cisco:business_141acm:-:::::::* cpe:2.3:h:cisco:business_142acm:-:::::::* cpe:2.3:h:cisco:business_143acm:-:::::::* cpe:2.3:h:cisco:business_145ac:-:::::::* cpe:2.3:h:cisco:business_145ac_access_point:-:::::::* cpe:2.3:h:cisco:business_150ax:-:::::::* cpe:2.3:h:cisco:business_150ax_access_point:-:::::::* cpe:2.3:h:cisco:business_151axm:-:::::::* cpe:2.3:h:cisco:business_240ac:-:::::::* cpe:2.3:o:cisco:ios_xe:::::::: cpe:2.3:o:cisco:wireless_lan_controller_software::::::::
Vendors & Products		Cisco Cisco business 140ac Cisco business 140ac Access Point Cisco business 141acm Cisco business 142acm Cisco business 143acm Cisco business 145ac Cisco business 145ac Access Point Cisco business 150ax Cisco business 150ax Access Point Cisco business 151axm Cisco business 240ac Cisco business Access Points Cisco ios Xe Cisco wireless Lan Controller Software

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-03-27T17:05:27.473Z

Updated: 2024-08-01T21:52:38.878Z

Reserved: 2023-11-08T15:08:07.624Z

Link: CVE-2024-20271

Vulnrichment

Updated: 2024-08-01T21:52:38.878Z

NVD

Status : Analyzed

Published: 2024-03-27T17:15:51.320

Modified: 2025-08-06T13:45:24.563

Link: CVE-2024-20271

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object