CNNVD-202509-3828 Information

Sep 24, 2025 cve

CNNVD ID

CNNVD-202509-3828

CVE-2025-20364

  • CNNVD Published: 2025-09-24

Description (Chinese)

Cisco Wireless LAN Controller(WLC)是美国思科(Cisco)公司的一款无线局域网控制器产品。该产品在无线局域网中提供安全策略、入侵检测等功能。 Cisco Wireless LAN Controller存在安全漏洞,该漏洞源于对802.11动作帧验证不足,可能导致攻击者注入特制动作帧并修改有效无线客户端的设备分析数据。

Description (English)

Cisco Wireless LAN Controller (WLC) is a wireless LAN controller product from Cisco. The product provides security strategies, intrusion detection, etc. in the wireless area network. Cisco Wireless LAN Controller had a security loophole, which stemmed from a lack of verification of the 802.11 action frames, which could result in the aggressor injecting special action frames and modifying the equipment analysis data for an effective wireless client.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Citadel

Published

2025-09-24

Last Modified

2026-02-24

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-action-frame-inj-QqCNcz8H https://access.redhat.com/security/cve/cve-2025-20364 https://vigilance.fr/vulnerability/Cisco-Wireless-Access-Point-write-access-via-Action-Frame-Injection-48292

Patch

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-action-frame-inj-QqCNcz8H

Share on: