Lucene search

CiscoCVELIST:CVE-2023-20056

HistoryMar 23, 2023 - 12:00 a.m.

CVE-2023-20056 Cisco Access Point Software Denial of Service Vulnerability

2023-03-2300:00:00

CWE-78

cisco

www.cve.org

cisco

access point

dos

vulnerability

input validation

authenticated

local attacker

management cli

cve-2023-20056

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to cause an affected device to reload spontaneously, resulting in a DoS condition.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Aironet Access Point Software ",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-cli-dos-tc2EKEpu

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVELIST:CVE-2023-20056