Description

A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames with arbitrary information. This vulnerability is due to insufficient verification checks of incoming 802.11 action frames. An attacker could exploit this vulnerability by sending 802.11 Device Analytics action frames with arbitrary parameters. A successful exploit could allow the attacker to inject Device Analytics action frames with arbitrary information, which could modify the Device Analytics data of valid wireless clients that are connected to the same wireless controller.

INFO

Published Date :

2025-09-24T16:40:16.242Z

Last Modified :

2025-10-15T16:05:13.010Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2025-20364 vulnerability.

Vendors Products
Cisco
  • Aironet
  • Aironet Access Point
  • Aironet Access Point Software
  • Cisco Ios
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-20364.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-action-frame-inj-QqCNcz8H cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact