Main Vulnerability Database Vulnerabilities #VU87904

#VU87904 Incomplete cleanup in Cisco Systems, Inc products - CVE-2024-20303

Published: March 28, 2024 / Updated: March 29, 2024

Vulnerability identifier: #VU87904

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-20303

CWE-ID: CWE-459

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS XE
Catalyst 9800-CL Wireless Controllers for Cloud
Catalyst 9800 Embedded Wireless Controller
Catalyst 9800 Series Wireless Controllers
Embedded Wireless Controller on Catalyst Access Points

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incomplete cleanup in the multicast DNS (mDNS) gateway feature. A remote attacker on the local network can cause the wireless controller to have high CPU utilization, leading to denial of service condition.

Remediation

Install updates from vendor's website.

External links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-mdns-dos-4hv6pBGf

#VU87904 Incomplete cleanup in Cisco Systems, Inc products - CVE-2024-20303

Description

Remediation

External links

Please verify you're human