Vulnerability Description
A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe | 17.2.1 |
| Cisco | Catalyst 9800-Cl Wireless Controllers For Cloud | All versions |
| Cisco | Catalyst 9105Axi | - |
| Cisco | Catalyst 9115Axe | - |
| Cisco | Catalyst 9115Axi | - |
| Cisco | Catalyst 9117Axi | - |
| Cisco | Catalyst 9120Axe | - |
| Cisco | Catalyst 9120Axi | - |
| Cisco | Catalyst 9120Axp | - |
| Cisco | Catalyst 9130Axe | - |
| Cisco | Catalyst 9130Axi | - |
| Cisco | Catalyst 9800-40 | - |
| Cisco | Catalyst 9800-80 | - |
| Cisco | Catalyst 9800-L | - |
| Cisco | Catalyst Cw9800H1 | - |
| Cisco | Catalyst Cw9800H2 | - |
| Cisco | Catalyst Cw9800M | - |
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
FAQ
What is CVE-2024-20303?
CVE-2024-20303 is a vulnerability with a CVSS score of 7.4 (HIGH). A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service ...
How severe is CVE-2024-20303?
CVE-2024-20303 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-20303?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Catalyst 9800-Cl Wireless Controllers For Cloud, Cisco Catalyst 9105Axi, Cisco Catalyst 9115Axe, Cisco Catalyst 9115Axi.