Memory leak in Cisco Systems, Inc products - CVE-2023-20251
Published: September 29, 2023
Vulnerability identifier: #VU81284
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20251
CWE-ID: CWE-401
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Wireless LAN Controller (WLC) AireOS Software
Virtual Wireless LAN Controller (vWLC)
Cisco Mobility Express
Cisco Wireless LAN Controller (WLC) AireOS Software
Virtual Wireless LAN Controller (vWLC)
Cisco Mobility Express
Detailed vulnerability description
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in the memory buffer. A remote attacker on the local network can force the application to leak memory and perform denial of service attack.
How to mitigate CVE-2023-20251
Install updates from vendor's website.