CVE-2021-1565Double Free in Cisco IOS XE Software

CWE-415Double FreeCWE-476NULL Pointer DereferenceCWE-690Unchecked Return Value to NULL Pointer Dereference4 documents4 sources
Severity
8.6HIGHNVD
EPSS
0.3%
top 47.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco IOS XE SoftwareCisco Catalyst 9800 FirmwareCisco IOS XE
Timeline
PublishedSep 23
Latest updateMay 24

Description

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages3 packages

NVDcisco/catalyst_9800_firmware17.3, 17.5.1+1
NVDcisco/ios_xe6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-m69p-8v8r-jhcc: Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Cat2022-05-24
CVEList
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities2021-09-23

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities2021-09-22
CVE-2021-1565 — Double Free in Cisco IOS XE Software | cvebase