Cisco Access Point Software IPv6 Router Advertisement Gateway Modification Vulnerability

A vulnerability exists in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software. It allows an unauthenticated, adjacent attacker to temporarily modify the IPv6 gateway on the affected device. This issue arises from a logic error in how IPv6 RA packets from wireless clients are processed. Exploitation involves associating with a wireless network and sending crafted IPv6 RA packets, which could disrupt network connectivity for clients connected to the affected access point.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of the IPv6 gateway on the affected device, causing intermittent packet loss for wireless clients connected to it.

Remediation

Cisco has released software updates to address this vulnerability. Access points managed by a Catalyst 9800 Wireless Controller or Embedded Wireless Controller should upgrade to the fixed releases indicated in the advisory. For access points managed by a Wireless LAN Controller or Mobility Express, no software updates are available, and customers are advised to consult the end-of-life notices for these products.