CVE-2023-20100Use of Multiple Resources with Duplicate Identifier in Cisco IOS XE Software

CWE-694Use of Multiple Resources with Duplicate Identifier6 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
1.1%
top 22.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMar 23
Latest updateJul 7

Description

A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error that occurs when certain conditions are met during the AP joining process. An attacker could exploit this vulnerability by adding an AP that is und

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios_xe17.10.1

🔴Vulnerability Details

2
GHSA
GHSA-hgvf-mqv4-fv8v: A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE S2023-03-23
CVEList
Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service Vulnerability2023-03-23

💥Exploits & PoCs

1
Exploit-DB
Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution2023-07-07

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service Vulnerability2023-03-22
CVE-2023-20100 — Cisco IOS XE Software vulnerability | cvebase