CVE-2023-20202: Memory Allocation with Excessive Size Value in Cisco IOS XE Software

Severity
6.5 MEDIUM (NVD)
CNA: 6.1
EPSS
0.1% (top 76.76%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 27

Description

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause th

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: cisco/cisco_ios_xe_software, 11 versions (+10)
NVD: cisco/ios_xe, 12 versions (+11)

🔴 Vulnerability Details (2)

CVEList
CVE-2023-20202: A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, ad (2023-09-27)
GHSA
GHSA-9m3w-2ggj-2vqw: A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, ad (2023-09-27)

📋 Vendor Advisories (1)

Cisco
Cisco IOS XE Software for Wireless LAN Controllers Wireless Network Control Denial of Service Vulnerability (2023-09-27)