CVE-2023-20202 - Vulnerability Details

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Catalyst 9105i Catalyst 9105w Catalyst 9115 Catalyst 9120 Catalyst 9124d Catalyst 9124e Catalyst 9124i Catalyst 9130 Catalyst 9136 Catalyst 9162 Catalyst 9164 Catalyst 9166 Catalyst 9166d1 Catalyst 9800-40 Catalyst 9800-80 Catalyst 9800-cl Catalyst 9800-l Catalyst Iw6300 Esw6300 Ios Xe Iw9167eh-x-ap Iw9167eh-x-urwb Iw9167eh-x-wgb Iw9167ih-x-ap

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios_xe:17.9.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.1w:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.1x:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.1x1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.1y:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.2:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.2a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.2b:::::::*
	cpe:2.3:o:cisco:ios_xe:17.10.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.10.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.10.1b:::::::*

OR	cpe:2.3:h:cisco:catalyst_9105i:-:::::::*
	cpe:2.3:h:cisco:catalyst_9105w:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124d:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124i:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130:-:::::::*
	cpe:2.3:h:cisco:catalyst_9136:-:::::::*
	cpe:2.3:h:cisco:catalyst_9162:-:::::::*
	cpe:2.3:h:cisco:catalyst_9164:-:::::::*
	cpe:2.3:h:cisco:catalyst_9166:-:::::::*
	cpe:2.3:h:cisco:catalyst_9166d1:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_iw6300:-:::::::*
	cpe:2.3:h:cisco:esw6300:-:::::::*
	cpe:2.3:h:cisco:iw9167eh-x-ap:-:::::::*
	cpe:2.3:h:cisco:iw9167eh-x-urwb:-:::::::*
	cpe:2.3:h:cisco:iw9167eh-x-wgb:-:::::::*
	cpe:2.3:h:cisco:iw9167ih-x-ap:-:::::::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-HFGMsfSD

History

Thu, 21 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-09-27T17:24:05.086Z

Updated: 2024-11-21T21:43:32.060Z

Reserved: 2022-10-27T18:47:50.367Z

Link: CVE-2023-20202

Vulnrichment

Updated: 2024-08-02T09:05:35.862Z

NVD

Status : Modified

Published: 2023-09-27T18:15:11.177

Modified: 2024-11-21T07:40:49.307

Link: CVE-2023-20202

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object