CVE-2023-20251 Vulnerability Details

  /     /     /  

CVE-2023-20251 Metadata Quick Info

CVE Published: 27/09/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: cisco | Vendor: Cisco | Product: Cisco Wireless LAN Controller (WLC)
Status : PUBLISHED

CVE-2023-20251 Description

A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition.

Metrics

CVSS Version: 3.1 | Base Score: 6.1 MEDIUM
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-401
CWE Name: Missing Release of Memory after Effective Lifetime
Source: Cisco

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: