Detections
Analytics

Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service (cisco-sa-ewlc-capwap-dos-gmNjdKOY)

high Nessus Plugin ID 153563

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities.
 - Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.
 (CVE-2021-1565, CVE-2021-34768, CVE-2021-34769) Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvu73277, CSCvv76805, CSCvw03037, CSCvw53824

See Also

http://www.nessus.org/u?0ab5cb4c

http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74581

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu73277

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv76805

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw03037

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw53824

Plugin Details

Severity: High

ID: 153563

File Name: cisco-sa-ewlc-capwap-dos-gmNjdKOY-iosxe.nasl

Version: 1.18

Type: combined

Family: CISCO

Published: 9/22/2021

Updated: 9/28/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2021-34769

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2021-1565

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version, Host/Cisco/IOS-XE/Model

Exploit Ease: No known exploits are available

Patch Publication Date: 9/22/2021

Vulnerability Publication Date: 9/22/2021

Reference Information

CVE: CVE-2021-1565, CVE-2021-34768, CVE-2021-34769

CWE: 415, 476, 690

CISCO-SA: cisco-sa-ewlc-capwap-dos-gmNjdKOY

IAVA: 2021-A-0441-S

CISCO-BUG-ID: CSCvu73277, CSCvv76805, CSCvw03037, CSCvw53824