Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability

Vulnerability

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The issue is due to insufficient packet verification for traffic inspected by the AVC feature. Affected versions include Cisco IOS XE Software releases running on Catalyst 9800 Series Wireless Controllers with the AVC-FNF feature enabled.

Exploitation

An attacker can exploit this vulnerability by sending crafted packets from the wired network to a wireless client. The crafted packets are then processed by the wireless controller, triggering the vulnerability. No authentication is required, and the attacker does not need any prior access to the device.

Impact

Successful exploitation results in a crash and reload of the affected device, causing a denial of service (DoS) condition. This disruption affects all traffic handled by the controller.

Mitigation

Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain fixes through their usual update channels. Customers without service contracts should contact Cisco TAC. No workaround is available. Refer to Cisco Security Advisory [1] for more details.