CVE-2022-20769: Out-of-bounds Write in Cisco Wireless LAN Controller Software

Severity
6.5 MEDIUM (NVD)
CNA: 7.4
EPSS
0.1%
top 83.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 30
Latest update: Oct 1

Description

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS conditio

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA
GHSA-3phq-3jhx-rrhw: A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent at
2022-10-01
CVEList
Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability
2022-09-30

📋 Vendor Advisories (1)

Cisco
Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability
2022-09-28