CVE-2023-20067: Allocation of Resources Without Limits or Throttling in Cisco IOS XE Software

Severity
NVD: 6.5 MEDIUM
CNA: 7.4
EPSS
0.2% (top 53.89%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 23

Description

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic through a wireless access point. A successful exploit could allow the attacker to cause CPU utilization to inc

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

NVD: cisco/ios_xe, 48 versions (+47)

🔴 Vulnerability Details (2)

CVEList: Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability (2023-03-23)
GHSA: GHSA-vxxf-3gj9-xh73: A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated (2023-03-23)

📋 Vendor Advisories (1)

Cisco: Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability (2023-03-22)