发布日期：2022-09-28
更新日期：2022-11-01

受影响系统：

Cisco Catalyst 9800 Series Wireless Controllers
Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9500 Series
Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9400 Series
Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300 Series
Cisco Catalyst 9800-CL Wireless Controllers for Cloud

描述：

---

CVE(CAN) ID: CVE-2022-20856

Cisco IOS XE Wireless Controller Software是美国思科（Cisco）公司的一个无线局域网控制器。提供管理网络功能。
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family的CAPWAP移动消息存在拒绝服务漏洞，该漏洞源于程序在处理CAPWAP移动消息时发生逻辑错误和资源管理错误。未经身份认证的远程攻击者可利用该漏洞耗尽受影响设备的资源，导致设备重新加载，从而发生拒绝服务。

<*链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-c9800-mob-dos-342YAc6J）以及相应补丁:
cisco-sa-c9800-mob-dos-342YAc6J：Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Denial of Service Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J

浏览次数：470
严重程度：0（网友投票）