CVE-2025-20364
BaseFortify
Publication date: 2025-09-24
Last updated on: 2025-12-13
Assigner: Cisco Systems, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | aironet_3800 | * |
| cisco | integrated_access_points_on_1100_isrs | * |
| cisco | aironet_1560 | * |
| cisco | aironet_4800 | * |
| cisco | aironet_1540 | * |
| cisco | catalyst_9100 | * |
| cisco | aironet_1800 | * |
| cisco | aironet_2800 | * |
| cisco | wired_access_point_software | * |
| cisco | catalyst_iw6300_heavy_duty | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Device Analytics action frame processing of Cisco Wireless Access Point Software. It allows an unauthenticated attacker who is adjacent (within wireless range) to inject 802.11 action frames containing arbitrary information. This happens because the software does not sufficiently verify incoming 802.11 action frames, enabling the attacker to send Device Analytics action frames with arbitrary parameters.
How can this vulnerability impact me?
An attacker exploiting this vulnerability could inject Device Analytics action frames with arbitrary information, potentially modifying the Device Analytics data of valid wireless clients connected to the same wireless controller. This could lead to inaccurate analytics data and possibly affect network monitoring or management based on that data.