CVE-2025-20140 | THREATINT

Description

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of IPv6 network requests from an associated wireless IPv6 client to an affected device. To associate a client to a device, an attacker may first need to authenticate to the network, or associate freely in the case of a configured open network. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to stop responding, resulting in a DoS condition.

Reserved 2024-10-10 | Published 2025-05-07 | Updated 2025-05-07 | Assigner cisco

HIGH: 7.4CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Problem types

Uncontrolled Memory Allocation

Product status

16.4.1

affected

16.4.2

affected

16.4.3

affected

16.5.1

affected

16.5.1a

affected

16.5.1b

affected

16.5.2

affected

16.5.3

affected

16.6.1

affected

16.6.2

affected

16.6.3

affected

16.6.4

affected

16.6.5

affected

16.6.4a

affected

16.6.5a

affected

16.6.6

affected

16.6.7

affected

16.6.8

affected

16.6.9

affected

16.6.10

affected

16.7.1

affected

16.7.1a

affected

16.7.1b

affected

16.7.2

affected

16.7.3

affected

16.7.4

affected

16.8.1

affected

16.8.1a

affected

16.8.1b

affected

16.8.1s

affected

16.8.1c

affected

16.8.1d

affected

16.8.2

affected

16.8.1e

affected

16.8.3

affected

16.9.1

affected

16.9.2

affected

16.9.1a

affected

16.9.1b

affected

16.9.1s

affected

16.9.3

affected

16.9.4

affected

16.9.3a

affected

16.9.5

affected

16.9.5f

affected

16.9.6

affected

16.9.7

affected

16.9.8

affected

16.10.1

affected

16.10.1a

affected

16.10.1b

affected

16.10.1s

affected

16.10.1c

affected

16.10.1e

affected

16.10.1d

affected

16.10.2

affected

16.10.1f

affected

16.10.1g

affected

16.10.3

affected

16.11.1

affected

16.11.1a

affected

16.11.1b

affected

16.11.2

affected

16.11.1s

affected

16.12.1

affected

16.12.1s

affected

16.12.1a

affected

16.12.1c

affected

16.12.1w

affected

16.12.2

affected

16.12.1y

affected

16.12.2a

affected

16.12.3

affected

16.12.8

affected

16.12.2s

affected

16.12.1x

affected

16.12.1t

affected

16.12.4

affected

16.12.3s

affected

16.12.3a

affected

16.12.4a

affected

16.12.5

affected

16.12.6

affected

16.12.1z1

affected

16.12.5a

affected

16.12.5b

affected

16.12.1z2

affected

16.12.6a

affected

16.12.7

affected

16.12.9

affected

16.12.10

affected

16.12.10a

affected

16.12.11

affected

16.12.12

affected

17.1.1

affected

17.1.1a

affected

17.1.1s

affected

17.1.1t

affected

17.1.3

affected

17.2.1

affected

17.2.1r

affected

17.2.1a

affected

17.2.1v

affected

17.2.2

affected

17.2.3

affected

17.3.1

affected

17.3.2

affected

17.3.3

affected

17.3.1a

affected

17.3.1w

affected

17.3.2a

affected

17.3.1x

affected

17.3.1z

affected

17.3.4

affected

17.3.5

affected

17.3.4a

affected

17.3.6

affected

17.3.4b

affected

17.3.4c

affected

17.3.5a

affected

17.3.5b

affected

17.3.7

affected

17.3.8

affected

17.3.8a

affected

17.4.1

affected

17.4.2

affected

17.4.1a

affected

17.4.1b

affected

17.4.2a

affected

17.5.1

affected

17.5.1a

affected

17.6.1

affected

17.6.2

affected

17.6.1w

affected

17.6.1a

affected

17.6.1x

affected

17.6.3

affected

17.6.1y

affected

17.6.1z

affected

17.6.3a

affected

17.6.4

affected

17.6.1z1

affected

17.6.5

affected

17.6.6

affected

17.6.6a

affected

17.6.5a

affected

17.6.7

affected

17.6.8

affected

17.6.8a

affected

17.7.1

affected

17.7.1a

affected

17.7.1b

affected

17.7.2

affected

17.10.1

affected

17.10.1a

affected

17.10.1b

affected

17.8.1

affected

17.8.1a

affected

17.9.1

affected

17.9.1w

affected

17.9.2

affected

17.9.1a

affected

17.9.1x

affected

17.9.1y

affected

17.9.3

affected

17.9.2a

affected

17.9.1x1

affected

17.9.3a

affected

17.9.4

affected

17.9.1y1

affected

17.9.5

affected

17.9.4a

affected

17.9.5a

affected

17.9.5b

affected

17.9.5e

affected

17.9.5f

affected

17.11.1

affected

17.11.1a

affected

17.12.1

affected

17.12.1w

affected

17.12.1a

affected

17.12.1x

affected

17.12.2

affected

17.12.3

affected

17.12.2a

affected

17.12.1y

affected

17.12.1z

affected

17.12.3a

affected

17.12.1z1

affected

17.13.1

affected

17.13.1a

affected

17.14.1

affected

17.14.1a

affected

17.11.99SW

affected

References

sec.cloudapps.cisco.com/...visory/cisco-sa-wlc-wncd-p6Gvt6HL (cisco-sa-wlc-wncd-p6Gvt6HL)

cve.org (CVE-2025-20140)

nvd.nist.gov (CVE-2025-20140)

Download JSON