Vulnerability Details CVE-2023-20202
A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.3%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2023-20202
-
cpe:2.3:h:cisco:catalyst_9105i:-
-
cpe:2.3:h:cisco:catalyst_9105w:-
-
cpe:2.3:h:cisco:catalyst_9115:-
-
cpe:2.3:h:cisco:catalyst_9120:-
-
cpe:2.3:h:cisco:catalyst_9124d:-
-
cpe:2.3:h:cisco:catalyst_9124e:-
-
cpe:2.3:h:cisco:catalyst_9124i:-
-
cpe:2.3:h:cisco:catalyst_9130:-
-
cpe:2.3:h:cisco:catalyst_9136:-
-
cpe:2.3:h:cisco:catalyst_9162:-
-
cpe:2.3:h:cisco:catalyst_9164:-
-
cpe:2.3:h:cisco:catalyst_9166:-
-
cpe:2.3:h:cisco:catalyst_9166d1:-
-
cpe:2.3:h:cisco:catalyst_9800-40:-
-
cpe:2.3:h:cisco:catalyst_9800-80:-
-
cpe:2.3:h:cisco:catalyst_9800-cl:-
-
cpe:2.3:h:cisco:catalyst_9800-l:-
-
cpe:2.3:h:cisco:catalyst_iw6300:-
-
cpe:2.3:h:cisco:esw6300:-
-
cpe:2.3:h:cisco:iw9167eh-x-ap:-
-
cpe:2.3:h:cisco:iw9167eh-x-urwb:-
-
cpe:2.3:h:cisco:iw9167eh-x-wgb:-
-
cpe:2.3:h:cisco:iw9167ih-x-ap:-
-
cpe:2.3:o:cisco:ios_xe:17.10.1
-
cpe:2.3:o:cisco:ios_xe:17.10.1a
-
cpe:2.3:o:cisco:ios_xe:17.10.1b
-
cpe:2.3:o:cisco:ios_xe:17.9.1
-
cpe:2.3:o:cisco:ios_xe:17.9.1a
-
cpe:2.3:o:cisco:ios_xe:17.9.1w
-
cpe:2.3:o:cisco:ios_xe:17.9.1x
-
cpe:2.3:o:cisco:ios_xe:17.9.1x1
-
cpe:2.3:o:cisco:ios_xe:17.9.1y
-
cpe:2.3:o:cisco:ios_xe:17.9.2
-
cpe:2.3:o:cisco:ios_xe:17.9.2a
-
cpe:2.3:o:cisco:ios_xe:17.9.2b