cbcvebase.
CVE-2021-34770
published 2021-09-23

CVE-2021-34770: A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family…

PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.87%
85.0th percentile
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.

Affected

30 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_ios_xe_software
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe
ciscoios_xe

Detection & IOCsextracted from sources · hover to see the quote

  • Detect crafted CAPWAP packets targeting Cisco Catalyst 9000 Family Wireless Controllers running IOS XE; monitor for unexpected CAPWAP packet validation failures or malformed CAPWAP traffic inbound to the controller
  • Monitor for device crashes and unexpected reloads on Cisco Catalyst 9000 Family Wireless Controllers, which may indicate exploitation attempts causing DoS
  • Track Cisco Bug ID CSCvw08884 for patch status and affected version enumeration to prioritize vulnerable assets
  • ·Exploitation requires no authentication and is remotely triggerable, meaning any network-accessible CAPWAP interface on affected Catalyst 9000 Family Wireless Controllers is an attack surface

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.