CVE-2021-1373
HIGH
Cisco IOS XE Wireless Controller Software - Unauthenticated Denial of Service via CAPWAP Packet Processing
Title source: llm
Description
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.
References (1)
Vendor Advisory (vendor-advisory, x_refsource_cisco): https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-2OA3JgKS
Scores
CVSS v3: 8.6
EPSS: 0.0019
EPSS Percentile: 40.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-126
Status: published
Products (25)
cisco/ios_xe 16.10.1
cisco/ios_xe 16.10.1e
cisco/ios_xe 16.10.1s
cisco/ios_xe 16.11.1
cisco/ios_xe 16.11.1a
cisco/ios_xe 16.11.1b
cisco/ios_xe 16.11.1c
cisco/ios_xe 16.11.2
cisco/ios_xe 16.12.1
cisco/ios_xe 16.12.1s
... and 15 more
Published: Mar 24, 2021
Tracked Since: Feb 18, 2026