VYPR
Unrated severity · NVD Advisory · Published Sep 24, 2020 · Updated Nov 13, 2024

Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities

CVE-2020-3489

Description

An unauthenticated, adjacent attacker can crash Cisco Catalyst 9800 Series Wireless Controllers by sending a malformed CAPWAP packet, leading to denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to insufficient validation of CAPWAP packets. Affected versions are those prior to the fixed releases described in Cisco Security Advisory cisco-sa-capwap-dos-TPdNTdyq [1].

Exploitation

An attacker can exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device from an adjacent network position. No authentication is required. The attacker must be able to deliver a crafted CAPWAP packet to the target device, which requires adjacency (e.g., within the same broadcast domain or wireless range) [1].

Impact

Successful exploitation causes the affected device to crash and reload, resulting in a denial of service condition. The vulnerability can be exploited repeatedly, leading to sustained DoS [1].

Mitigation

Cisco has released free software updates to address these vulnerabilities. Customers should upgrade to the appropriate fixed version as indicated in the Cisco Security Advisory [1]. The advisory provides details on available releases and instructions for obtaining the updates. No workarounds are mentioned in the reference.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
