Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20268

A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.  This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.

Published

2023-09-27T18:15:11.827

Last Modified

2024-12-12T18:15:21.377

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	wireless_lan_controller_software	< 8.10.190.0	Yes
Operating System	cisco	catalyst_9800_embedded_wireless_controller_firmware	< 17.3.8	Yes
Operating System	cisco	catalyst_9800_embedded_wireless_controller_firmware	< 17.6.6	Yes
Operating System	cisco	catalyst_9800_embedded_wireless_controller_firmware	< 17.9.4	Yes
Hardware	cisco	catalyst_9800_embedded_wireless_controller	-	No
Operating System	cisco	business_150ax_firmware	< 10.6.2.0	Yes
Hardware	cisco	business_150ax	-	No
Operating System	cisco	business_151axm_firmware	< 10.6.2.0	Yes
Hardware	cisco	business_151axm	-	No

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m Vendor Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)