Resource exhaustion in Cisco Systems, Inc products - CVE-2023-20268
Published: September 28, 2023
Vulnerability identifier: #VU81259
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-20268
CWE-ID: CWE-400
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Wireless LAN Controller Software
Catalyst 9800 Wireless Controller Software
Cisco Business 150 Series AP Software
Wireless LAN Controller Software
Catalyst 9800 Wireless Controller Software
Cisco Business 150 Series AP Software
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper control over consumption of internal resources when handling certain types of traffic. A remote attacker on the local network can send specially crafted traffic to the device, trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.