CVE-2021-1565
HIGH
Cisco IOS XE - Unauthenticated Denial of Service via CAPWAP Packet Processing
Title source: llm
Description
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.
References (1)
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-gmNjdKOY
Scores
CVSS v3
8.6
EPSS
0.0030
EPSS Percentile
53.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-415
Status
published
Products (9)
cisco/catalyst_9800_firmware
17.3
cisco/catalyst_9800_firmware
17.5.1
cisco/embedded_wireless_controller
cisco/ios_xe
3.15.1xbs
cisco/ios_xe
3.15.2xbs
cisco/ios_xe
17.3.1
cisco/ios_xe
17.3.2
cisco/ios_xe
17.4.1
cisco/ios_xe
17.5.1
Published
Sep 23, 2021
Tracked Since
Feb 18, 2026