Input validation error in Cisco Systems, Inc products - CVE-2023-20112
Published: March 23, 2023
Vulnerability identifier: #VU73968
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-20112
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Wireless LAN Controller Software
Cisco Business 150 AP
Cisco Business 151 Mesh Extender
Catalyst 9100 Access Points
Catalyst 9800 Wireless Controller Software
Wireless LAN Controller Software
Cisco Business 150 AP
Cisco Business 151 Mesh Extender
Catalyst 9100 Access Points
Catalyst 9800 Wireless Controller Software
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of certain parameters within 802.11 frames in Cisco access point (AP) software. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.