Vulnslist

find the latest Cisco vulnerabilities

Cisco Wireless Access Point Software Device Analytics Action Frame Injection Vulnerability

cisco-sa-action-frame-inj-QqCNcz8H · Medium · Published · Updated

A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames with arbitrary information. This vulnerability is due to insufficient verification checks of incoming 802.11 action frames. An attacker could exploit this vulnerability by sending 802.11 Device Analytics action frames with arbitrary parameters. A successful exploit could allow the attacker to inject Device Analytics action frames with arbitrary information, which could modify the Device Analytics data of valid wireless clients that are connected to the same wireless controller. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-action-frame-inj-QqCNcz8H

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2025-20364
Cisco Bug IDsCSCwn50822
CVSS ScoreBase 4.3
Base 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Aironet Access Point Software (IOS XE Controller)

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2025-20364 Cisco OpenVuln
Cisco IOS XE Software CVE-2025-20364 Cisco OpenVuln
Cisco IOS Software CVE-2025-20364 Cisco OpenVuln
Cisco Aironet Access Point Software (IOS XE Controller) CVE-2025-20364 Cisco OpenVuln
Cisco Aironet Access Point Software CVE-2025-20364 Cisco OpenVuln