VDB

CVE-2021-34770

CVE-2021-34770 PUBLISHED CVSS 10 CRITICAL

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.

EPSS 1.03% · 77.7th percentile

Risk Scores

CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
1.03%
77.7th percentile

Affected Products

VendorProductVersions
CiscoCisco IOS XE Softwaren/a
ciscoios_xe3.15.2xbs, 16.6.4s, 16.10.1

Exploit Intelligence

Timeline

  • Sep 23, 2021 EPSS Score
  • Sep 23, 2021 CVE Published
  • Nov 19, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 14, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 10, 2022 EPSS Score
  • Jul 6, 2022 EPSS Score
  • Oct 29, 2022 EPSS Score
  • Dec 26, 2022 EPSS Score
  • Feb 21, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›