CVE-2022-20847 The DHCP functionality of Cisco IOS XE Wireless Controller could be vulnerable and could cause a DoS.

This vulnerability affects the following Cisco products: Cisco IOS XE Software for Catalyst 9000 Family Wireless Routers Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller Software with Advanced IP Services (AIPS) Cisco Wireless LAN Controller Software with Advanced Services (AAS) Cisco Unified Computing System (UCS) Software Cisco Unified Computing System (UCS) Hardware When running a vulnerable release of Cisco IOS XE Software on the Cisco Catalyst 9000 Family devices, the system may not be protected from a DoS attack due to the improper processing of DHCP messages. Cisco has received reports that indicate that this vulnerability could be exploited to cause a device to reload, resulting in a DoS condition. Cisco has identified this vulnerability in its Cisco IOS XE Software releases for the Cisco Catalyst 9000 Family. There are no known public exploits in the wild at this time. There are no workarounds that address this vulnerability. Cisco IOS XE Software users are urged to upgrade to a non-vulnerable release or apply the mitigations documented in this advisory. Cisco has taken the following actions to address this issue: released software updates that contain a fix for this issue; and released software updates that contain a fix for other issues. Cisco recommends users install these software updates as soon as possible

Description

A vulnerability affecting the Cisco IOS XE Software for the Catalyst 9000 Family devices has been identified. The vulnerability could be exploited to cause a device to reload, resulting in a denial-of-service condition.

Products Affected by CVE-2022 -20847

Cisco IOS XE Software for Catalyst 9000 Family Wireless Routers Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller Software with Advanced IP Services (AIPS) Cisco Wireless LAN Controller Software with Advanced Services (AAS) Cisco Unified Computing System (UCS) Hardware

Timeline

Published on: 09/30/2022 19:15:00 UTC
Last modified on: 10/05/2022 16:17:00 UTC

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dhcp-dos-76pCjPxK
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20847