6.5

CVE-2023-20056

A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to cause an affected device to reload spontaneously, resulting in a DoS condition.

Data is provided by the National Vulnerability Database (NVD)
Cisco Wireless Lan Controller Software Version < 8.10.183.0
   Cisco Esw6300 Version -
Cisco Aironet Access Point Software Version < 17.9.0.135
   Cisco Aironet 1540 Version -
   Cisco Aironet 1542d Version -
   Cisco Aironet 1542i Version -
   Cisco Aironet 1560 Version -
   Cisco Aironet 1562d Version -
   Cisco Aironet 1562e Version -
   Cisco Aironet 1562i Version -
   Cisco Aironet 1800 Version -
   Cisco Aironet 1800i Version -
   Cisco Aironet 1810 Version -
   Cisco Aironet 1810w Version -
   Cisco Aironet 1815 Version -
   Cisco Aironet 1815i Version -
   Cisco Aironet 1815m Version -
   Cisco Aironet 1815t Version -
   Cisco Aironet 1815w Version -
   Cisco Aironet 2800 Version -
   Cisco Aironet 2800e Version -
   Cisco Aironet 2800i Version -
   Cisco Aironet 3800 Version -
   Cisco Aironet 3800e Version -
   Cisco Aironet 3800i Version -
   Cisco Aironet 3800p Version -
   Cisco Aironet 4800 Version -
   Cisco Catalyst 9100 Version -
   Cisco Catalyst 9105 Version -
   Cisco Catalyst 9105ax Version -
   Cisco Catalyst 9105axi Version -
   Cisco Catalyst 9105axw Version -
   Cisco Catalyst 9115 Version -
   Cisco Catalyst 9115 Ap Version -
   Cisco Catalyst 9115ax Version -
   Cisco Catalyst 9115axe Version -
   Cisco Catalyst 9115axi Version -
   Cisco Catalyst 9117 Version -
   Cisco Catalyst 9117 Ap Version -
   Cisco Catalyst 9117ax Version -
   Cisco Catalyst 9117axi Version -
   Cisco Catalyst 9120 Version -
   Cisco Catalyst 9120 Ap Version -
   Cisco Catalyst 9120ax Version -
   Cisco Catalyst 9120axe Version -
   Cisco Catalyst 9120axi Version -
   Cisco Catalyst 9120axp Version -
   Cisco Catalyst 9124 Version -
   Cisco Catalyst 9124ax Version -
   Cisco Catalyst 9124axd Version -
   Cisco Catalyst 9124axi Version -
   Cisco Catalyst 9130 Version -
   Cisco Catalyst 9130 Ap Version -
   Cisco Catalyst 9130ax Version -
   Cisco Catalyst 9130axe Version -
   Cisco Catalyst 9130axi Version -
   Cisco Catalyst Iw6300 Version -
   Cisco Catalyst Iw6300 Ac Version -
   Cisco Catalyst Iw6300 Dc Version -
   Cisco Catalyst Iw6300 Dcw Version -
Cisco Ios Xe Version < 16.12.8
Cisco Ios Xe Version >= 17.1 < 17.3.6
Cisco Ios Xe Version >= 17.4 < 17.6.5
Cisco Ios Xe Version >= 17.7 < 17.9.2
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.165
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
psirt@cisco.com 6.5 2 4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.