漏洞标题
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
漏洞描述信息
Cisco Catalyst 9000 系列无线控制器的 Cisco IOS XE 软件 CAPWAP 远程代码执行漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
漏洞描述信息
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
漏洞类别
堆缓冲区溢出
漏洞标题
多款 Cisco 产品缓冲区错误漏洞
漏洞描述信息
Cisco IOS等都是美国思科(Cisco)公司的产品。Cisco IOS是一套为其网络设备开发的操作系统。IOS XE是一套为其网络设备开发的操作系统。Cisco IOS XE Software是一个操作系统。 多款 Cisco 产品中存在缓冲区错误漏洞,该漏洞源于产品中 Wireless Controllers未能正确处理畸形的CAPWAP包。攻击者可通过该漏洞执行具有管理权限的代码。
CVSS信息
N/A
漏洞类别
缓冲区错误