CVE-2023-20251: Missing Release of Memory after Effective Lifetime in Cisco Mobility Express

Severity
NVD: 5.3 MEDIUM
CNA: 6.1
EPSS
0.1% (top 73.07%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 27

Description

A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allo

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.6 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 cisco/cisco_wireless_lan_controller: 8 versions +7
CVEListV5 cisco/cisco_mobility_express: 7 versions +6

Vulnerability Details (2)

CVEList
CVE-2023-20251: A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause (2023-09-27)
GHSA
GHSA-96j4-p2p4-vfgj: A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause (2023-09-27)

Vendor Advisories (1)

Cisco
Cisco Wireless LAN Controller AireOS Software Denial of Service Vulnerability (2023-09-27)