CVE-2023-20176

A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an affected device as a wireless client and sending a high rate of traffic over an extended period of time. A successful exploit could allow the attacker to cause the Datagram TLS (DTLS) session to tear down and reset, causing a denial of service (DoS) condition.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-click-ap-dos-wdcXkvnQ	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:catalyst_9166_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9166:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:catalyst_9164_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9164:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:catalyst_9136_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:catalyst_9136:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:catalyst_9130_firmware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:catalyst_9124_firmware:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-09-27 18:15

Updated : 2024-01-25 17:15

NVD link : CVE-2023-20176

Mitre link : CVE-2023-20176

CVE.ORG link : CVE-2023-20176

JSON object : View

Products Affected

cisco

catalyst_9164_firmware
catalyst_9166_firmware
catalyst_9130_firmware
catalyst_9130
catalyst_9136
catalyst_9136_firmware
catalyst_9124
catalyst_9164
catalyst_9166
catalyst_9124_firmware

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2023-20176", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-09-27T18:15:10.923", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-click-ap-dos-wdcXkvnQ", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service.\r\n\r This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an affected device as a wireless client and sending a high rate of traffic over an extended period of time. A successful exploit could allow the attacker to cause the Datagram TLS (DTLS) session to tear down and reset, causing a denial of service (DoS) condition."}, {"lang": "es", "value": "Una vulnerabilidad en el componente de red del software del punto de acceso (AP) de Cisco podr\u00eda permitir que un atacante remoto no autenticado cause una interrupci\u00f3n temporal del servicio. Esta vulnerabilidad se debe al uso excesivo de los recursos AP. Un atacante podr\u00eda aprovechar esta vulnerabilidad conect\u00e1ndose a un AP en un dispositivo afectado como cliente inal\u00e1mbrico y enviando una alta tasa de tr\u00e1fico durante un per\u00edodo prolongado de tiempo. Un exploit exitoso podr\u00eda permitir al atacante provocar que la sesi\u00f3n de Datagram TLS (DTLS) se interrumpa y se reinicie, provocando una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2024-01-25T17:15:32.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:catalyst_9166_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9E58B3F-A839-40D2-94E8-DBBA4233CB6A", "versionEndExcluding": "17.6.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_9166:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "774AEB3E-5D6A-4E66-B0B4-C014A7C180E6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:catalyst_9164_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "674A6482-211F-43C7-BB67-4B0DBEB08E2F", "versionEndExcluding": "17.6.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_9164:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96E81F0A-5B5C-4DD3-A56F-C7BF53D4B070"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:catalyst_9136_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02DBA4EC-6404-467A-A862-5CF3704CA8CF", "versionEndExcluding": "17.6.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_9136:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "09185C81-6FDF-4E6D-B8F7-E4B5D77909F4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E1C8E35A-5A9B-4D56-A753-937D5CFB5B19"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:catalyst_9130_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "396ED75A-FF33-4AE5-BE9F-DBFD111532CF", "versionEndExcluding": "17.6.6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C11EF240-7599-4138-B7A7-17E4479F5B83"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:catalyst_9124_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EEDFEA-1E40-471B-8B2E-363C248F816E", "versionEndExcluding": "17.6.6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}