CVE-2021-34740 – Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34740
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2020-3261 – Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2020-3261
A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user. Una vulnerabilidad en la interfaz de administración basada en web del Software Cisco Mobility Express podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site request forgery (CSRF) sobre un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24 • CWE-352: Cross-Site Request Forgery (CSRF) •