Memory leak in Cisco Systems, Inc products - CVE-2021-34740
Published: September 23, 2021
Vulnerability identifier: #VU56833
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-34740
CWE-ID: CWE-401
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
6300 Series Embedded Services Access Points
Aironet 4800 Access Points
Catalyst IW6300 Heavy Duty Series Access Points
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco Catalyst 9100
Integrated Access Point on 1100 Integrated Services Routers
Cisco Catalyst 9800 Wireless Controller
Cisco Wireless LAN Controller
6300 Series Embedded Services Access Points
Aironet 4800 Access Points
Catalyst IW6300 Heavy Duty Series Access Points
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco Catalyst 9100
Integrated Access Point on 1100 Integrated Services Routers
Cisco Catalyst 9800 Wireless Controller
Cisco Wireless LAN Controller
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in the WLAN Control Protocol (WCP) implementation. A remote attacker on the local network can force the application to leak memory and perform denial of service attack.
Remediation
Install updates from vendor's website.