CVE-2023-20176
First published: Wed Sep 27 2023(Updated: )
A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an affected device as a wireless client and sending a high rate of traffic over an extended period of time. A successful exploit could allow the attacker to cause the Datagram TLS (DTLS) session to tear down and reset, causing a denial of service (DoS) condition.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Catalyst 9166 Firmware | <17.6.6 | |
| Cisco Catalyst 9166 | ||
| Cisco Catalyst 9164 Firmware | <17.6.6 | |
| Cisco Catalyst 9164 | ||
| Cisco Catalyst 9136 Firmware | <17.6.6 | |
| Cisco Catalyst 9136 | ||
| Cisco Catalyst 9130 Firmware | <17.6.6 | |
| Cisco Catalyst 9130 | ||
| Cisco Catalyst 9124 Firmware | <17.6.6 | |
| Cisco Catalyst 9124 | ||
| All of | ||
| Cisco Catalyst 9166 Firmware | <17.6.6 | |
| Cisco Catalyst 9166 | ||
| All of | ||
| Cisco Catalyst 9164 Firmware | <17.6.6 | |
| Cisco Catalyst 9164 | ||
| All of | ||
| Cisco Catalyst 9136 Firmware | <17.6.6 | |
| Cisco Catalyst 9136 | ||
| All of | ||
| Cisco Catalyst 9130 Firmware | <17.6.6 | |
| Cisco Catalyst 9130 | ||
| All of | ||
| Cisco Catalyst 9124 Firmware | <17.6.6 | |
| Cisco Catalyst 9124 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Cisco access point software vulnerability?
The vulnerability ID is CVE-2023-20176.
What is the severity rating of CVE-2023-20176?
The severity rating of CVE-2023-20176 is 8.6 (high).
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by connecting to an access point.
Which software versions are affected by CVE-2023-20176?
The Cisco Catalyst 9166, 9164, 9136, 9130, and 9124 firmware versions up to and excluding 17.6.6 are affected.
How can I fix CVE-2023-20176?
Cisco has provided a fix for this vulnerability, which can be found in the reference link provided.
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco catalyst 9166 firmware
- canonical/cisco catalyst 9166
- canonical/cisco catalyst 9164 firmware
- canonical/cisco catalyst 9164
- canonical/cisco catalyst 9136 firmware
- canonical/cisco catalyst 9136
- canonical/cisco catalyst 9130 firmware
- canonical/cisco catalyst 9130
- canonical/cisco catalyst 9124 firmware
- canonical/cisco catalyst 9124