Vulnerability Description
A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition.
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | IOS XE | 17.9.1 |
| Cisco | Catalyst 9105I | - |
| Cisco | Catalyst 9105W | - |
| Cisco | Catalyst 9115 | - |
| Cisco | Catalyst 9120 | - |
| Cisco | Catalyst 9124D | - |
| Cisco | Catalyst 9124E | - |
| Cisco | Catalyst 9124I | - |
| Cisco | Catalyst 9130 | - |
| Cisco | Catalyst 9136 | - |
| Cisco | Catalyst 9162 | - |
| Cisco | Catalyst 9164 | - |
| Cisco | Catalyst 9166 | - |
| Cisco | Catalyst 9166D1 | - |
| Cisco | Catalyst 9800-40 | - |
| Cisco | Catalyst 9800-80 | - |
| Cisco | Catalyst 9800-CL | - |
| Cisco | Catalyst 9800-L | - |
| Cisco | Catalyst IW6300 | - |
| Cisco | ESW6300 | - |
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci (Vendor Advisory)
FAQ
What is CVE-2023-20202?
CVE-2023-20202 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)...
How severe is CVE-2023-20202?
CVE-2023-20202 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-20202?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco IOS XE, Cisco Catalyst 9105I, Cisco Catalyst 9105W, Cisco Catalyst 9115, Cisco Catalyst 9120.