Unrated severity · NVD Advisory · Published Sep 27, 2023 · Updated Dec 12, 2024

Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability

CVE-2023-20268

Description

A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.

This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated adjacent attacker can exhaust resources on Cisco access points by sending specific wireless packets, leading to CAPWAP tunnel disruption and intermittent client traffic loss.

Vulnerability

A vulnerability in the packet processing functionality of Cisco access point (AP) software allows an unauthenticated, adjacent attacker to exhaust resources on an affected device. The issue stems from insufficient management of resources when handling certain types of traffic. Affected versions include Cisco Wireless LAN Controller Software releases 8.10 and earlier (fixed in 8.10.190.0) and Catalyst 9800 Wireless Controller Software releases 17.2 and earlier, 17.3 (fixed in 17.3.8), 17.4, 17.5, 17.6 (fixed in 17.6.6), 17.8, 17.9 (fixed in 17.9.4), 17.10, and 17.11; release 17.12 is not vulnerable. Business Wireless AP Software releases 10.9.1 and earlier are also affected [1].

Exploitation

An attacker must be within wireless range of the target AP (adjacent network access) and does not require authentication. The exploit involves sending a series of specific wireless packets to the affected device. No user interaction is needed. The attack consumes system resources on the AP, and a sustained attack can lead to resource exhaustion [1].

Impact

Successful exploitation results in resource exhaustion on the affected AP. This can disrupt the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and cause intermittent loss of wireless client traffic. No code execution, privilege escalation, or data disclosure is described [1].

Mitigation

Cisco has released fixed software versions as listed in the advisory. For APs managed by a Wireless LAN Controller or Mobility Express, upgrade the controller to 8.10.190.0 or later. For APs managed by a Catalyst 9800 Wireless Controller or Embedded Wireless Controller, upgrade to 17.3.8, 17.6.6, 17.9.4, or later as appropriate. Business Wireless AP Software users should upgrade to a fixed release when available. No workarounds are provided. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
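The release list above can be applied to a controller inventory as follows. This is an added example, not code from Cisco or from this page; the platform labels (`wlc`, `c9800`, `bwap`), function names and sample hostnames are assumptions, and releases the page does not mention are reported as `unlisted` rather than guessed.

```python
import re

# Release data transcribed from the Vulnerability and Mitigation text on this page.
# Catalyst 9800 train -> first fixed release in that train (None: page names no fix).
C9800_TRAINS = {
    (17, 3): (17, 3, 8, 0), (17, 4): None, (17, 5): None, (17, 6): (17, 6, 6, 0),
    (17, 8): None, (17, 9): (17, 9, 4, 0), (17, 10): None, (17, 11): None,
}
WLC_FIXED = (8, 10, 190, 0)          # WLC / Mobility Express
BWAP_LAST_AFFECTED = (10, 9, 1, 0)   # Business Wireless AP Software

def parse(version):
    """'17.9.4a' or '17.03.08' -> 4-int tuple, zero-padded; letter suffixes ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:4]
    if len(nums) < 2:
        raise ValueError(f"unrecognized release string: {version!r}")
    return tuple(nums + [0] * (4 - len(nums)))

def classify(platform, version):
    """Return (status, first_fixed_in_train_or_None) for one controller release."""
    v = parse(version)
    if platform == "wlc":
        return ("fixed" if v >= WLC_FIXED else "affected", WLC_FIXED)
    if platform == "bwap":
        # The page names no fixed Business Wireless release, so newer is "unlisted".
        return ("affected" if v <= BWAP_LAST_AFFECTED else "unlisted", None)
    if platform == "c9800":
        train = v[:2]
        if train == (17, 12):
            return ("not_vulnerable", None)
        if train <= (17, 2):
            return ("affected", None)
        if train not in C9800_TRAINS:      # e.g. 17.7, or anything after 17.12
            return ("unlisted", None)
        fix = C9800_TRAINS[train]
        return ("fixed" if fix and v >= fix else "affected", fix)
    raise ValueError(f"unknown platform: {platform!r}")

def triage(inventory):
    """Keep entries needing action or review; inventory rows are (name, platform, version)."""
    return [(n, p, ver, *classify(p, ver)) for n, p, ver in inventory
            if classify(p, ver)[0] in ("affected", "unlisted")]

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = [("wlc-hq", "wlc", "8.10.185.0"), ("c9800-dc", "c9800", "17.9.4a"),
              ("c9800-lab", "c9800", "17.10.1"), ("ewc-branch", "c9800", "17.12.1")]
    for row in triage(sample):
        print(row)
```

An `affected` result with no fixed release in its train means the controller has to move to a train that has one.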

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
