CVE-2021-1373 — Buffer Over-read in Cisco IOS XE Software

CWE-126 — Buffer Over-read4 documents4 sources

Severity

8.6HIGHNVD

EPSS

0.2%

top 58.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Software Cisco IOS XE

Timeline

PublishedMar 24

Latest updateMay 24

Description

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A su…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco/cisco_ios_xe_softwaren/a

▶NVDcisco/ios_xe25 versions+24

🔴Vulnerability Details

GHSA

GHSA-m962-hc84-g96g: A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software fo↗2022-05-24

▶

CVEList

Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability↗2021-03-24

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability↗2021-03-24

▶