CVE-2023-20268

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

4.7MEDIUM

EPSS

0.0%

top 88.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Business 150ax Firmware Cisco Business 151axm Firmware Cisco Catalyst 9800 Embedded Wireless Controller Firmware +4 more

Timeline

PublishedSep 27

Description

A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages7 packages

▶CVEListV5cisco/cisco_business_wireless_access_point_software17 versions+16

▶CVEListV5cisco/cisco_aironet_access_point_software_(ios_xe_controller)58 versions+57

▶NVDcisco/wireless_lan_controller_software< 8.10.190.0

▶CVEListV5cisco/cisco_aironet_access_point_software105 versions+104

▶NVDcisco/catalyst_9800_embedded_wireless_controller_firmware17.4.0 — 17.6.6+2

🔴Vulnerability Details

CVEList

Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability↗2023-09-27

▶

GHSA

GHSA-p572-r8g2-hv9h: A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaus↗2023-09-27

▶

📋Vendor Advisories

Cisco

Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability↗2023-09-27

▶