Cisco Catalyst CW9800 Family CAPWAP Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family. This issue allows an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, leading to a DoS condition. The vulnerability arises from improper handling of malformed Control and Provisioning of Wireless Access Points (CAPWAP) packets. Exploitation involves sending a malformed CAPWAP packet to the device.

Impact

Exploitation of this vulnerability causes the affected device to reload unexpectedly, creating a denial-of-service condition.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading to the fixed software can be found on the Cisco Support and Downloads page. Customers without a Cisco service contract should contact the Cisco Technical Assistance Center (TAC) for upgrade assistance.

Added: Mar 25, 2026, 4:32 PM
Updated: Mar 25, 2026, 4:32 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 7.0
remediation: 0.0
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.