{
"id" : "CVE-2023-20067" ,
"sourceIdentifier" : "ykramarz@cisco.com" ,
"published" : "2023-03-23T17:15:14.660" ,
"lastModified" : "2023-11-07T04:05:55.963" ,
"vulnStatus" : "Modified" ,
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic through a wireless access point. A successful exploit could allow the attacker to cause CPU utilization to increase, which could result in a DoS condition on an affected device and could cause new wireless client associations to fail. Once the offending traffic stops, the affected system will return to an operational state and new client associations will succeed."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" ,
"attackVector" : "ADJACENT_NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
} ,
{
"source" : "ykramarz@cisco.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" ,
"attackVector" : "ADJACENT_NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.4 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 4.0
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-770"
}
]
} ,
{
"source" : "ykramarz@cisco.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-770"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DB6BD18B-B9BD-452F-986E-16A6668E46B6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "ADED0D82-2A4D-4235-BFAC-5EE2D862B652"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "314C7763-A64D-4023-9F3F-9A821AE4151F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5820D71D-FC93-45AA-BC58-A26A1A39C936"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FC1C85DD-69CC-4AA8-B219-651D57FC3506"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B53E377A-0296-4D7A-B97C-576B0026543D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C98DED36-D4B5-48D6-964E-EEEE97936700"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9027A528-2588-4C06-810B-5BB313FE4323"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7745ED34-D59D-49CC-B174-96BCA03B3374"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3C6FB4DC-814D-49D2-BBE2-3861AE985A1C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D5750264-2990-4942-85F4-DB9746C5CA2B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B9173AD6-6658-4267-AAA7-D50D0B657528"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7F02EE9D-45B1-43D6-B05D-6FF19472216B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8FCB9440-F470-45D1-AAFA-01FB5D76B600"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5B736F09-3B51-4B2A-92F6-602847001F15"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.6a:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2F58A94E-B050-4EFA-84BA-43B11BA22E77"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5E864BB1-FD23-4AB3-9138-5FD8B62EAF5B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "838D6C2D-C131-4A9C-AAE5-5BF38E637E4B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E306B09C-CB48-4067-B60C-5F738555EEAC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4FF0DD16-D76A-45EA-B01A-20C71AEFA3B4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4BDD0CEC-4A19-438D-B2A1-8664A1D8F3C4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.1.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "89369318-2E83-489F-B872-5F2E247BBF8F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8B4D4659-A304-459F-8AB3-ED6D84B44C0F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B51FA707-8DB1-4596-9122-D4BFEF17F400"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "128F95D7-E49F-4B36-8F47-823C0298449E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2B270A04-9961-4E99-806B-441CD674AFBD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1360069D-0358-4746-8C3F-44C2A40988D7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C5DD2403-113B-4100-8BD4-90E1927E6648"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DAF73937-BCE2-4BEF-B4B0-83212DA4A6C8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0CEF022B-271F-4017-B74B-82748D5EBA01"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6B2902D8-3A7B-4C47-9BC6-8CA4C580A346"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8871B890-78F4-4D9D-AEFF-6A393493C51E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9E489AC5-A445-44FF-AA85-F0915577384E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "917BA05C-2A18-4C68-B508-85C2B5A94416"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5A6B707B-4543-41F1-83DF-49A93BF56FB1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "938B0720-8CA7-43BA-9708-5CE9EC7A565A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4DE62C4B-7C06-4907-BADE-416C1618D2D9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "04D19D8C-FACF-49B4-BA99-CC3A3FDADAFB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0B78942C-BEE1-4D18-9075-8E1D991BF621"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9F21093D-1036-4F6B-B90F-ACE1EF99EA33"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "38B87B17-C653-40AC-8AE4-066BB1123C88"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7592C7E3-3735-425F-A276-9EE03224CD5E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5B0C2129-8149-4362-827C-A5494C9D398B"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-dos-wFujBHKw" ,
"source" : "ykramarz@cisco.com" ,
"tags" : [
"Vendor Advisory"
]
}
]
}