CVE-2023-20202

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition.

Published: Sep 27, 2023
Updated: Oct 7, 2023
CVE: CVE-2023-20202
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	17.9.1	17.9.1.x
cisco / ios_xe	17.9.1a	17.9.1a.x
cisco / ios_xe	17.9.1w	17.9.1w.x
cisco / ios_xe	17.9.1x	17.9.1x.x
cisco / ios_xe	17.9.1x1	17.9.1x1.x
cisco / ios_xe	17.9.1y	17.9.1y.x
cisco / ios_xe	17.9.2	17.9.2.x
cisco / ios_xe	17.9.2a	17.9.2a.x
cisco / ios_xe	17.9.2b	17.9.2b.x
cisco / ios_xe	17.10.1	17.10.1.x
cisco / ios_xe	17.10.1a	17.10.1a.x
cisco / ios_xe	17.10.1b	17.10.1b.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-HFGMsfSD

Vulnerability Database

289,599

CVE-2023-20202