Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities

Vulnerability

The vulnerability exists in the CAPWAP protocol processing of Cisco IOS XE Software on Catalyst 9800 Series Wireless Controllers. Due to insufficient validation of CAPWAP packets, an unauthenticated, adjacent attacker can send a malformed CAPWAP packet to an affected device, triggering a crash and reload. Affected versions include multiple releases; see the advisory [1] for details.

Exploitation

An attacker needs network adjacency to the affected device (i.e., within the same broadcast domain). No authentication is required. The attacker sends a specially crafted CAPWAP packet to the device. No user interaction is needed.

Impact

Successful exploitation causes the device to crash and reload, resulting in a denial of service (DoS) condition. The device becomes temporarily unavailable until the reload completes.

Mitigation

Cisco has released fixed software versions. Refer to the Cisco Security Advisory [1] for the specific fixed releases. No workaround is available. Customers with service contracts should upgrade to an unaffected version. Those without contracts should contact Cisco TAC.