Cisco IOS XE NBAR CAPWAP Packet Processing Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software. This issue allows an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, leading to a DoS condition. The vulnerability arises from improper handling of malformed Control and Provisioning of Wireless Access Points (CAPWAP) packets. Exploitation involves sending these malformed CAPWAP packets through the affected device.

Impact

Exploitation of this vulnerability causes the affected device to reload unexpectedly, creating a denial-of-service condition.

Remediation

Cisco has released software updates to address this vulnerability. To determine the appropriate update, users can consult the Cisco Software Checker tool, which identifies fixed software releases. Instructions for using the Cisco Software Checker are available on the Cisco Security Advisories page.