CVE-2021-34740

HIGH

Cisco Aironet Access Point Software < 8.10.162.0 - Memory Leak

Title source: rule

Description

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL

Scores

CVSS v3 7.4

EPSS 0.0010

EPSS Percentile 27.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (3)

cisco/aironet_access_point_software < 8.10.162.0

cisco/aironet_access_point_software

Timeline

Published Sep 23, 2021

Tracked Since Feb 18, 2026