CVE-2023-20202
Summary
| CVE | CVE-2023-20202 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-27 18:15:00 UTC |
| Updated | 2024-01-25 17:15:00 UTC |
| Description | A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Catalyst 9105i | - | All | All | All |
| Hardware | Cisco | Catalyst 9105w | - | All | All | All |
| Hardware | Cisco | Catalyst 9115 | - | All | All | All |
| Hardware | Cisco | Catalyst 9120 | - | All | All | All |
| Hardware | Cisco | Catalyst 9124d | - | All | All | All |
| Hardware | Cisco | Catalyst 9124e | - | All | All | All |
| Hardware | Cisco | Catalyst 9124i | - | All | All | All |
| Hardware | Cisco | Catalyst 9130 | - | All | All | All |
| Hardware | Cisco | Catalyst 9136 | - | All | All | All |
| Hardware | Cisco | Catalyst 9162 | - | All | All | All |
| Hardware | Cisco | Catalyst 9164 | - | All | All | All |
| Hardware | Cisco | Catalyst 9166 | - | All | All | All |
| Hardware | Cisco | Catalyst 9166d1 | - | All | All | All |
| Hardware | Cisco | Catalyst 9800-40 | - | All | All | All |
| Hardware | Cisco | Catalyst 9800-80 | - | All | All | All |
| Hardware | Cisco | Catalyst 9800-cl | - | All | All | All |
| Hardware | Cisco | Catalyst 9800-l | - | All | All | All |
| Hardware | Cisco | Catalyst Iw6300 | - | All | All | All |
| Hardware | Cisco | Esw6300 | - | All | All | All |
| Operating System | Cisco | Ios Xe | 17.10.1 | All | All | All |
| Operating System | Cisco | Ios Xe | 17.10.1a | All | All | All |
| Operating System | Cisco | Ios Xe | 17.10.1b | All | All | All |
| Operating System | Cisco | Ios Xe | 17.9.1 | All | All | All |
| Operating System | Cisco | Ios Xe | 17.9.1a | All | All | All |
| Operating System | Cisco | Ios Xe | 17.9.1w | All | All | All |
| Operating System | Cisco | Ios Xe | 17.9.1x | All | All | All |
| Operating System | Cisco | Ios Xe | 17.9.1x1 | All | All | All |
| Operating System | Cisco | Ios Xe | 17.9.1y | All | All | All |
| Operating System | Cisco | Ios Xe | 17.9.2 | All | All | All |
| Operating System | Cisco | Ios Xe | 17.9.2a | All | All | All |
| Operating System | Cisco | Ios Xe | 17.9.2b | All | All | All |
| Hardware | Cisco | Iw9167eh-x-ap | - | All | All | All |
| Hardware | Cisco | Iw9167eh-x-urwb | - | All | All | All |
| Hardware | Cisco | Iw9167eh-x-wgb | - | All | All | All |
| Hardware | Cisco | Iw9167ih-x-ap | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco IOS XE Software for Wireless LAN Controllers Wireless Network Control Denial of Service Vulnerability | MISC | sec.cloudapps.cisco.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 317375 Cisco Internetwork Operating System (IOS) XE Denial of Service (DoS) Vulnerability (cisco-sa-wlc-wncd-HFGMsfSD)