CVE-2023-20202

EPSS 0.08%
Published 27.09.2023 18:15:11
Last modified 21.11.2024 07:40:49
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

 This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Xe Version17.9.1

   Cisco ≫ Catalyst 9105i Version-
   Cisco ≫ Catalyst 9105w Version-
   Cisco ≫ Catalyst 9115 Version-
   Cisco ≫ Catalyst 9120 Version-
   Cisco ≫ Catalyst 9124d Version-
   Cisco ≫ Catalyst 9124e Version-
   Cisco ≫ Catalyst 9124i Version-
   Cisco ≫ Catalyst 9130 Version-
   Cisco ≫ Catalyst 9136 Version-
   Cisco ≫ Catalyst 9162 Version-
   Cisco ≫ Catalyst 9164 Version-
   Cisco ≫ Catalyst 9166 Version-
   Cisco ≫ Catalyst 9166d1 Version-
   Cisco ≫ Catalyst 9800-40 Version-
   Cisco ≫ Catalyst 9800-80 Version-
   Cisco ≫ Catalyst 9800-cl Version-
   Cisco ≫ Catalyst 9800-l Version-
   Cisco ≫ Catalyst Iw6300 Version-
   Cisco ≫ Esw6300 Version-
   Cisco ≫ Iw9167eh-x-ap Version-
   Cisco ≫ Iw9167eh-x-urwb Version-
   Cisco ≫ Iw9167eh-x-wgb Version-
   Cisco ≫ Iw9167ih-x-ap Version-

Cisco ≫ Ios Xe Version17.9.1a

Cisco ≫ Ios Xe Version17.9.1w

Cisco ≫ Ios Xe Version17.9.1x

Cisco ≫ Ios Xe Version17.9.1x1

Cisco ≫ Ios Xe Version17.9.1y

Cisco ≫ Ios Xe Version17.9.2

Cisco ≫ Ios Xe Version17.9.2a

Cisco ≫ Ios Xe Version17.9.2b

Cisco ≫ Ios Xe Version17.10.1

Cisco ≫ Ios Xe Version17.10.1a

Cisco ≫ Ios Xe Version17.10.1b

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.243

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
psirt@cisco.com	6.1	1.6	4	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-789 Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-HFGMsfSD

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-20202

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-20202

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-20202

EUVD