Cisco Catalyst 9800-CL
cpe:2.3:h:cisco:9800-cl:*:*:*:*:*:*:*, +1 more
A denial-of-service vulnerability has been identified in Cisco IOS XE Wireless Controller Software. This issue allows an unauthenticated, adjacent attacker to disrupt service on an affected device. The vulnerability arises from inadequate input validation of Cisco Discovery Protocol (CDP) neighbor reports from access points (APs) when processed by the wireless controller. An attacker could exploit this by sending a crafted CDP packet to an AP, causing an unexpected reload of the wireless controller managing the AP, and disrupting the wireless network.
Exploitation of this vulnerability leads to an unexpected reload of the wireless controller, causing a denial-of-service condition that affects the wireless network.
Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. Customers without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance. To determine exposure to this vulnerability, use the Cisco Software Checker tool.