CVE-2021-1615Insufficient Resource Pool in Cisco Embedded Wireless Controller

CWE-410Insufficient Resource PoolCWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
8.6HIGHNVD
EPSS
0.4%
top 36.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Embedded Wireless ControllerCisco IOS XE Software
Timeline
PublishedSep 23
Latest updateMay 24

Description

A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a Do

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-25r3-37cq-xj9m: A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could all2022-05-24
CVEList
Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability2021-09-23

📋Vendor Advisories

1
Cisco
Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability2021-09-22
CVE-2021-1615 — Insufficient Resource Pool in Cisco | cvebase