CVE-2023-20251

2023-09-2718:15:11

CWE-119

CWE-401

[email protected]

web.nvd.nist.gov

cve-2023-20251

cisco

wireless lan controller

wlc

aireos software

vulnerability

memory buffer

memory leaks

unauthenticated

denial of service

nvd

6.1 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

12.9%

JSON

A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot.

This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition.

Affected configurations

NVD

Node

ciscomobility_express_softwareMatch-

AND

ciscoaireosRange8.10.150–8.10.190.0

CPENameOperatorVersion
cisco:mobility_express_softwarecisco mobility express softwareeq-

CPE	Name	Operator	Version
cisco:mobility_express_software	cisco mobility express software	eq	-

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Wireless LAN Controller (WLC)",
    "versions": [
      {
        "version": "8.10.162.0",
        "status": "affected"
      },
      {
        "version": "8.10.151.0",
        "status": "affected"
      },
      {
        "version": "8.10.171.0",
        "status": "affected"
      },
      {
        "version": "8.10.170.0",
        "status": "affected"
      },
      {
        "version": "8.10.181.0",
        "status": "affected"
      },
      {
        "version": "8.10.182.0",
        "status": "affected"
      },
      {
        "version": "8.10.183.0",
        "status": "affected"
      },
      {
        "version": "8.10.185.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco Mobility Express",
    "versions": [
      {
        "version": "8.10.183.0",
        "status": "affected"
      },
      {
        "version": "8.10.162.0",
        "status": "affected"
      },
      {
        "version": "8.10.151.0",
        "status": "affected"
      },
      {
        "version": "8.10.185.0",
        "status": "affected"
      },
      {
        "version": "8.10.171.0",
        "status": "affected"
      },
      {
        "version": "8.10.182.0",
        "status": "affected"
      },
      {
        "version": "8.10.181.0",
        "status": "affected"
      }
    ]
  }
]