CVE-2023-20268

Published: Sep 27, 2023Modified: Dec 12, 2024

4.7

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.  This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.

Affected (6)

Products: Cisco: Wireless Lan Controller Software, Catalyst 9800 Embedded Wireless Controller Firmware, Business 150ax Firmware, Business 151axm Firmware

Cisco

4 products

Wireless Lan Controller Software

Catalyst 9800 Embedded Wireless Controller Firmware

Business 150ax Firmware

Business 151axm Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Wireless Lan Controller Software	Before 8.10.190.0

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Catalyst 9800 Embedded Wireless Controller Firmware	Before 17.3.8
Cisco Catalyst 9800 Embedded Wireless Controller Firmware	From 17.4.0 to 17.6.6
Cisco Catalyst 9800 Embedded Wireless Controller Firmware	From 17.8.0 to 17.9.4

Running on/with	Platform Versions
Cisco Catalyst 9800 Embedded Wireless Controller	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Business 150ax Firmware	Before 10.6.2.0

Running on/with	Platform Versions
Cisco Business 150ax	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Business 151axm Firmware	Before 10.6.2.0

Running on/with	Platform Versions
Cisco Business 151axm	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m

Source: psirt@cisco.com

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.