Description

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of IPv6 network requests from an associated wireless IPv6 client to an affected device. To associate a client to a device, an attacker may first need to authenticate to the network, or associate freely in the case of a configured open network. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to stop responding, resulting in a DoS condition.

INFO

Published Date: 2025-05-07T17:36:49.207Z

Last Modified: 2025-05-07T17:51:42.769Z

Source: cisco

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-20140 vulnerability.

Vendor: Cisco

Products:
  • Catalyst 9105axi
  • Catalyst 9115axe
  • Catalyst 9115axi
  • Catalyst 9117axi
  • Catalyst 9120axe
  • Catalyst 9120axi
  • Catalyst 9120axp
  • Catalyst 9130axe
  • Catalyst 9130axi
  • Catalyst 9800-40
  • Catalyst 9800-80
  • Catalyst 9800-cl Wireless Controllers For Cloud
  • Catalyst 9800-l
  • Catalyst Cw9800h1
  • Catalyst Cw9800h2
  • Catalyst Cw9800m
  • Ios Xe

CVSS Vulnerability Scoring System

Vector metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact