CVE-2022-20769

Published: Sep 30, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.

Affected (1)

Products: Cisco: Wireless Lan Controller Software

Cisco

1 product

Wireless Lan Controller Software

Configuration A

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Cisco Wireless Lan Controller Software	Before 8.10.171.0

Running on/with	Platform Versions
Cisco 2504 Wireless Lan Controller	All versions
Cisco 3504 Wireless Lan Controller	All versions
Cisco 5508 Wireless Lan Controller	All versions
Cisco 5520 Wireless Lan Controller	All versions
Cisco 8540 Wireless Lan Controller	All versions
Cisco Flex 7510	All versions
Cisco Virtual Wireless Controller	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-mKGRrsCB

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-mKGRrsCB

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.