Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-34740 |
CWE-ID | CWE-401 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software Subscribe |
6300 Series Embedded Services Access Points Other software / Other software solutions Aironet 4800 Access Points Other software / Other software solutions Catalyst IW6300 Heavy Duty Series Access Points Other software / Other software solutions Cisco Aironet 1540 Series Access Points Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Aironet 1560 Series Access Points Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Aironet 1800 Series Access Points Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Aironet 2800 Series Access Points Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Aironet 3800 Series Access Points Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Catalyst 9100 Hardware solutions / Routers & switches, VoIP, GSM, etc Integrated Access Point on 1100 Integrated Services Routers Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Catalyst 9800 Wireless Controller Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Wireless LAN Controller Hardware solutions / Firmware |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU56833
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34740
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in the WLAN Control Protocol (WCP) implementation. A remote attacker on the local network can force the application to leak memory and perform denial of service attack.
MitigationInstall updates from vendor's website.
Vulnerable software versions6300 Series Embedded Services Access Points: All versions
Cisco Aironet 1540 Series Access Points: All versions
Cisco Aironet 1560 Series Access Points: All versions
Cisco Aironet 1800 Series Access Points: All versions
Cisco Aironet 2800 Series Access Points: All versions
Cisco Aironet 3800 Series Access Points: All versions
Aironet 4800 Access Points: All versions
Cisco Catalyst 9100: All versions
Catalyst IW6300 Heavy Duty Series Access Points: All versions
Integrated Access Point on 1100 Integrated Services Routers: All versions
Cisco Wireless LAN Controller: 8.10
Cisco Catalyst 9800 Wireless Controller: 17.2 - 17.3
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.