CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2023-20202
https://notcve.org/view.php?id=CVE-2023-20202
27 Sep 2023 — A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-HFGMsfSD • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 6.5EPSS: 0%CPEs: 64EXPL: 0CVE-2023-20056 – Cisco Access Point Software Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-20056
23 Mar 2023 — A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to cause an affected device to reload spontaneously, resu... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-cli-dos-tc2EKEpu • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.7EPSS: 0%CPEs: 64EXPL: 0CVE-2023-20097 – Cisco Access Point Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-20097
23 Mar 2023 — A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 322EXPL: 0CVE-2022-20919 – Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20919
30 Sep 2022 — A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful expl... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9 • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.9EPSS: 0%CPEs: 30EXPL: 0CVE-2022-20855 – Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-20855
30 Sep 2022 — A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-266: Incorrect Privilege Assignment •
CVSS: 7.4EPSS: 0%CPEs: 73EXPL: 0CVE-2021-34740 – Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-34740
23 Sep 2021 — A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A succ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 330EXPL: 0CVE-2020-26139 – kernel: Forwarding EAPOL from unauthenticated wifi client
https://notcve.org/view.php?id=CVE-2020-26139
11 May 2021 — An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. Se detectó un problema en el kernel en NetBSD versión 7.1. Un punto de acceso (AP) reenvía tramas EAPOL a otros clientes aunque el remitente... • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-287: Improper Authentication CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 408EXPL: 0CVE-2020-26140 – kernel: accepting plaintext data frames in protected networks
https://notcve.org/view.php?id=CVE-2020-26140
11 May 2021 — An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. Se detectó un problema en el controlador ALFA de Windows 10 versión 6.1316.1209 para AWUS036H. Las implementaciones WEP, WPA, WPA2 y WPA3 aceptan tramas de texto plano en una red Wi-Fi protegida. • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-346: Origin Validation Error •
CVSS: 3.1EPSS: 0%CPEs: 338EXPL: 1CVE-2020-24587 – kernel: Reassembling fragments encrypted under different keys
https://notcve.org/view.php?id=CVE-2020-24587
11 May 2021 — The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que todos los fragmentos d... • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.3EPSS: 0%CPEs: 385EXPL: 1CVE-2020-24588 – kernel: wifi frame payload being parsed incorrectly as an L2 frame
https://notcve.org/view.php?id=CVE-2020-24588
11 May 2021 — The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que el flag A-MSDU ... • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-20: Improper Input Validation CWE-327: Use of a Broken or Risky Cryptographic Algorithm •