Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities

Vulnerability

Multiple vulnerabilities exist in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers. The vulnerabilities are due to insufficient validation of CAPWAP packets. An unauthenticated, adjacent attacker can trigger the flaw by sending a malformed CAPWAP packet to an affected device. The advisory [1] provides details on affected software versions; customers should consult it to determine exposure.

Exploitation

An attacker must be on the same Layer 2 network as the affected device (adjacent access) and does not require authentication. The attacker sends a specially crafted, malformed CAPWAP packet to the device. No user interaction is needed. The packet triggers the vulnerability due to insufficient validation.

Impact

Successful exploitation causes the affected device to crash and reload, resulting in a denial of service (DoS) condition. The device becomes unavailable until the reload completes. No other impact, such as code execution or data disclosure, is described in the available references.

Mitigation

Cisco has released free software updates to address these vulnerabilities, as indicated in the security advisory [1]. Customers should upgrade to a fixed version of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers. No workarounds are mentioned in the advisory. Customers without service contracts should contact the Cisco TAC for assistance.