CVE-2023-20176

Summary

CVE	CVE-2023-20176
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-09-27 18:15:00 UTC
Updated	2024-01-25 17:15:00 UTC
Description	A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an affected device as a wireless client and sending a high rate of traffic over an extended period of time. A successful exploit could allow the attacker to cause the Datagram TLS (DTLS) session to tear down and reset, causing a denial of service (DoS) condition.

Risk And Classification

Problem Types: CWE-400

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Catalyst 9124	-	All	All	All
Operating System	Cisco	Catalyst 9124 Firmware	All	All	All	All
Hardware	Cisco	Catalyst 9130	-	All	All	All
Operating System	Cisco	Catalyst 9130 Firmware	All	All	All	All
Hardware	Cisco	Catalyst 9136	-	All	All	All
Operating System	Cisco	Catalyst 9136 Firmware	All	All	All	All
Hardware	Cisco	Catalyst 9164	-	All	All	All
Operating System	Cisco	Catalyst 9164 Firmware	All	All	All	All
Hardware	Cisco	Catalyst 9166	-	All	All	All
Operating System	Cisco	Catalyst 9166 Firmware	All	All	All	All

References

Reference	Source	Link	Tags
Cisco Catalyst 9100 Access Points Denial of Service Vulnerability	MISC	sec.cloudapps.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

317373 Cisco Catalyst 9100 Access Points Denial of Service (DoS) Vulnerability (cisco-sa-click-ap-dos-wdcXkvnQ)