PT-2023-2227 · Cisco · Cisco Ios Xe

Published: 2023-03-22 · Updated: 2023-04-05 · CVE-2023-20067

CVSS v3.1: 7.4 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco IOS XE Software for Wireless LAN Controllers (WLCs) (affected versions not specified)

Description

A vulnerability in the HTTP-based client profiling feature could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This issue is due to insufficient input validation of received traffic. An attacker could exploit this by sending crafted traffic through a wireless access point, causing CPU utilization to increase and potentially resulting in a DoS condition, which could cause new wireless client associations to fail. Once the offending traffic stops, the affected system will return to an operational state and new client associations will succeed.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2023-01979
CVE-2023-20067

Affected Products

Cisco Ios Xe