8.6
CVE-2021-1615
- EPSS 0.44%
- Published 23.09.2021 03:15:12
- Last modified 21.11.2024 05:44:44
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Embedded Wireless Controller Version <= 17.6.1
Cisco ≫ Catalyst 9105 Version-
Cisco ≫ Catalyst 9115 Version-
Cisco ≫ Catalyst 9117 Version-
Cisco ≫ Catalyst 9120 Version-
Cisco ≫ Catalyst 9124 Version-
Cisco ≫ Catalyst 9130 Version-
Cisco ≫ Catalyst 9115 Version-
Cisco ≫ Catalyst 9117 Version-
Cisco ≫ Catalyst 9120 Version-
Cisco ≫ Catalyst 9124 Version-
Cisco ≫ Catalyst 9130 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.623 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| psirt@cisco.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-410 Insufficient Resource Pool
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.