CVE-2024-20303

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition.

Severity	HIGH
CVSS	7.4
CWE	CWE-459
KEV	No
Published	2 years ago
Modified	9 months ago

Related Products

Product	Advisory	Evidence
Cisco IOS	cisco-sa-wlc-mdns-dos-4hv6pBGf	Cisco OpenVuln
Cisco IOS XE Software	cisco-sa-wlc-mdns-dos-4hv6pBGf	Cisco OpenVuln
Cisco Catalyst 9600 Series Switches	cisco-sa-wlc-mdns-dos-4hv6pBGf	Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches	cisco-sa-wlc-mdns-dos-4hv6pBGf	Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches	cisco-sa-wlc-mdns-dos-4hv6pBGf	Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches	cisco-sa-wlc-mdns-dos-4hv6pBGf	Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches	cisco-sa-wlc-mdns-dos-4hv6pBGf	Cisco OpenVuln · software-dependent