Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution (cisco-sa-ewlc-capwap-rce-LYgj8Kf)

high Nessus Plugin ID 153560

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.

- A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.
(CVE-2021-34770)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvw08884

See Also

http://www.nessus.org/u?f8bccb0c

http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74581

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw08884

Plugin Details

Severity: High

ID: 153560

File Name: cisco-sa-ewlc-capwap-rce-LYgj8Kf-iosxe.nasl

Version: 1.12

Type: combined

Family: CISCO

Published: 9/22/2021

Updated: 9/28/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-34770

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version, Host/Cisco/IOS-XE/Model

Exploit Ease: No known exploits are available

Patch Publication Date: 9/22/2021

Vulnerability Publication Date: 9/22/2021

Reference Information

CVE: CVE-2021-34770

CWE: 122

CISCO-SA: cisco-sa-ewlc-capwap-rce-LYgj8Kf

IAVA: 2021-A-0441-S

CISCO-BUG-ID: CSCvw08884