Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
Vulnerability Description
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
多款 Cisco 产品缓冲区错误漏洞
Vulnerability Description
Cisco IOS等都是美国思科(Cisco)公司的产品。Cisco IOS是一套为其网络设备开发的操作系统。IOS XE是一套为其网络设备开发的操作系统。Cisco IOS XE Software是一个操作系统。 多款 Cisco 产品中存在缓冲区错误漏洞,该漏洞源于产品中 Wireless Controllers未能正确处理畸形的CAPWAP包。攻击者可通过该漏洞执行具有管理权限的代码。
CVSS Information
N/A
Vulnerability Type
N/A