#VU73971 Input validation error in Cisco Systems, Inc products - CVE-2023-20056
Published: March 23, 2023
Vulnerability identifier: #VU73971
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20056
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Wireless LAN Controller
Catalyst 9800 Wireless Controller Software
Cisco Aironet 1540 Series Access Points
Aironet 1560 Series Access Points
Aironet 1800 Series Access Points
Aironet 2800 Series Access Points
Aironet 3800 Series Access Points
Catalyst 9100 Access Points
Integrated Access Point on 1100 Integrated Services Routers
6300 Series Embedded Services Access Points
Aironet 4800 Access Points
Catalyst IW6300 Heavy Duty Series Access Points
Cisco Wireless LAN Controller
Catalyst 9800 Wireless Controller Software
Cisco Aironet 1540 Series Access Points
Aironet 1560 Series Access Points
Aironet 1800 Series Access Points
Aironet 2800 Series Access Points
Aironet 3800 Series Access Points
Catalyst 9100 Access Points
Integrated Access Point on 1100 Integrated Services Routers
6300 Series Embedded Services Access Points
Aironet 4800 Access Points
Catalyst IW6300 Heavy Duty Series Access Points
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the management CLI. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.