CVE-2023-20056

Published: Mar 23, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to cause an affected device to reload spontaneously, resulting in a DoS condition.

Affected (6)

Products: Cisco: Wireless Lan Controller Software, Aironet Access Point Software, Ios Xe

Cisco

3 products

Wireless Lan Controller Software

Aironet Access Point Software

Ios Xe

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Wireless Lan Controller Software	Before 8.10.183.0

Running on/with	Platform Versions
Cisco Esw6300	All versions

Configuration B

1 vulnerable · 57 platform

Vulnerable Software	Affected Versions
Cisco Aironet Access Point Software	Before 17.9.0.135

Running on/with	Platform Versions
Cisco Aironet 1540	All versions
Cisco Aironet 1542d	All versions
Cisco Aironet 1542i	All versions
Cisco Aironet 1560	All versions
Cisco Aironet 1562d	All versions
Cisco Aironet 1562e	All versions
Cisco Aironet 1562i	All versions
Cisco Aironet 1800	All versions
Cisco Aironet 1800i	All versions
Cisco Aironet 1810	All versions
Cisco Aironet 1810w	All versions
Cisco Aironet 1815	All versions
Cisco Aironet 1815i	All versions
Cisco Aironet 1815m	All versions
Cisco Aironet 1815t	All versions
Cisco Aironet 1815w	All versions
Cisco Aironet 2800	All versions
Cisco Aironet 2800e	All versions
Cisco Aironet 2800i	All versions
Cisco Aironet 3800	All versions
Cisco Aironet 3800e	All versions
Cisco Aironet 3800i	All versions
Cisco Aironet 3800p	All versions
Cisco Aironet 4800	All versions
Cisco Catalyst 9100	All versions
Cisco Catalyst 9105	All versions
Cisco Catalyst 9105ax	All versions
Cisco Catalyst 9105axi	All versions
Cisco Catalyst 9105axw	All versions
Cisco Catalyst 9115	All versions
Cisco Catalyst 9115 Ap	All versions
Cisco Catalyst 9115ax	All versions
Cisco Catalyst 9115axe	All versions
Cisco Catalyst 9115axi	All versions
Cisco Catalyst 9117	All versions
Cisco Catalyst 9117 Ap	All versions
Cisco Catalyst 9117ax	All versions
Cisco Catalyst 9117axi	All versions
Cisco Catalyst 9120	All versions
Cisco Catalyst 9120 Ap	All versions
Cisco Catalyst 9120ax	All versions
Cisco Catalyst 9120axe	All versions
Cisco Catalyst 9120axi	All versions
Cisco Catalyst 9120axp	All versions
Cisco Catalyst 9124	All versions
Cisco Catalyst 9124ax	All versions
Cisco Catalyst 9124axd	All versions
Cisco Catalyst 9124axi	All versions
Cisco Catalyst 9130	All versions
Cisco Catalyst 9130 Ap	All versions
Cisco Catalyst 9130ax	All versions
Cisco Catalyst 9130axe	All versions
Cisco Catalyst 9130axi	All versions
Cisco Catalyst Iw6300	All versions
Cisco Catalyst Iw6300 Ac	All versions
Cisco Catalyst Iw6300 Dc	All versions
Cisco Catalyst Iw6300 Dcw	All versions

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios Xe	Before 16.12.8
Cisco Ios Xe	From 17.1 to 17.3.6
Cisco Ios Xe	From 17.4 to 17.6.5
Cisco Ios Xe	From 17.7 to 17.9.2

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-cli-dos-tc2EKEpu

Source: psirt@cisco.com

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-cli-dos-tc2EKEpu

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.