VDB

CVE-2021-34740

CVE-2021-34740 PUBLISHED CVSS 7.400000095367432 HIGH

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.

EPSS 0.10% · 27.4th percentile

Risk Scores

CVSS 3.1
7.400000095367432
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.10%
27.4th percentile

Affected Products

VendorProductVersions
ciscoaironet_access_point_software8.10.0, 17.3, 17.2
CiscoCisco Aironet Access Point Softwaren/a

Exploit Intelligence

Timeline

  • Sep 23, 2021 CVE Published
  • Sep 23, 2021 EPSS Score
  • Nov 19, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Jan 15, 2022 EPSS Score
  • Mar 14, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 10, 2022 EPSS Score
  • Jul 6, 2022 EPSS Score
  • Sep 2, 2022 EPSS Score
  • Oct 29, 2022 EPSS Score
  • Dec 26, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›