Cisco IOS XE Wireless LAN Controllers Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs). This issue allows an unauthenticated, adjacent wireless attacker to disrupt service by sending a series of IPv6 network requests from an associated wireless IPv6 client to the affected device. The vulnerability arises from improper memory management, which can lead to the wncd process consuming excessive memory and causing the device to become unresponsive.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the affected device to stop responding to network requests.

Remediation

Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. Customers without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance. Customers can also use the Cisco Software Checker tool to determine their exposure to this vulnerability and find the first fixed release.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 4.9
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.