CVE-2025-20140

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of IPv6 network requests from an associated wireless IPv6 client to an affected device. To associate a client to a device, an attacker may first need to authenticate to the network, or associate freely in the case of a configured open network. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to stop responding, resulting in a DoS condition.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-p6Gvt6HL

Configurations

No configuration.

History

08 May 2025, 14:39

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 18:15

Updated : 2025-05-08 14:39

NVD link : CVE-2025-20140

Mitre link : CVE-2025-20140

CVE.ORG link : CVE-2025-20140

JSON object : View

Products Affected

No product.

CWE

CWE-789

Memory Allocation with Excessive Size Value

{"id": "CVE-2025-20140", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2025-05-07T18:15:36.640", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-p6Gvt6HL", "source": "psirt@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-789"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of IPv6 network requests from an associated wireless IPv6 client to an affected device. To associate a client to a device, an attacker may first need to authenticate to the network, or associate freely in the case of a configured open network. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to stop responding, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en el demonio de control de red inal\u00e1mbrica (wncd) del software Cisco IOS XE para controladores de LAN inal\u00e1mbrica (WLC) podr\u00eda permitir que un atacante inal\u00e1mbrico adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a una gesti\u00f3n de memoria inadecuada. Un atacante podr\u00eda explotarla enviando una serie de solicitudes de red IPv6 desde un cliente inal\u00e1mbrico IPv6 asociado a un dispositivo afectado. Para asociar un cliente a un dispositivo, el atacante podr\u00eda necesitar primero autenticarse en la red o asociarse libremente en el caso de una red abierta configurada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar que el proceso wncd consuma memoria disponible y, finalmente, que el dispositivo deje de responder, lo que resulta en una denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2025-05-08T14:39:09.683", "sourceIdentifier": "psirt@cisco.com"}