Cisco IOS XE Ethernet Frame Handling Vulnerability in Catalyst 9000 Series Switches Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in Cisco IOS XE Software for Catalyst 9000 Series Switches. This issue allows an unauthenticated, adjacent attacker to block an egress port, causing it to drop all outbound traffic. The vulnerability arises from improper handling of crafted Ethernet frames. Exploitation involves sending these frames through an affected switch, which can result in the egress port becoming unresponsive and failing to forward traffic, thereby creating a denial-of-service condition.

Impact

Exploitation of this vulnerability causes the affected switch's egress port to drop all outbound traffic, leading to a denial-of-service condition on that port.

Remediation

Cisco has released software updates to address this vulnerability. For instructions on upgrading to a fixed software release, consult the Cisco Security Vulnerability Policy or contact the Cisco Technical Assistance Center (TAC).