Cisco Products Switch Integrated Security Features DHCPv6 Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Switch Integrated Security Features (SISF) of multiple Cisco software platforms, including Cisco IOS, Cisco IOS XE, Cisco NX-OS, and Cisco Wireless LAN Controller AireOS. This vulnerability allows an unauthenticated, adjacent attacker to cause a DoS condition on the affected device by sending a crafted DHCPv6 packet. The vulnerability arises from improper handling of DHCPv6 packets, which can lead to the device reloading and causing a service disruption.

Impact

Exploitation of this vulnerability causes the affected device to reload, creating a denial-of-service condition.

Remediation

Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. For Cisco WLC AireOS, versions 8.10.196.0 and later are fixed. For Cisco IOS XE Software for WLCs, customers should migrate to a supported release that includes the fix. Cisco NX-OS users can consult the Cisco Software Checker to determine their exposure and find fixed releases.