Networking Component Vulnerability in Cisco Access Point Software
CVE-2023-20176

8.6HIGH

Key Information:

Vendor: Cisco
Status: Cisco Aironet Access Point Software; Cisco Aironet Access Point Software (IOS XE Controller)
Vendor: CVE Published:; 27 September 2023

Summary

A vulnerability in the networking component of Cisco access point software allows unauthenticated remote attackers to cause temporary service disruption. By connecting to the access point as a wireless client and transmitting excessive traffic for a prolonged duration, the attacker can exploit this weakness. This leads to the tearing down and resetting of the Datagram TLS (DTLS) session, ultimately resulting in a denial of service condition.

Affected Version(s)

Cisco Aironet Access Point Software 8.10.170.0

Cisco Aironet Access Point Software (IOS XE Controller) 16.10.1e

Cisco Aironet Access Point Software (IOS XE Controller) 16.10.1

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Oct 27, 2022