CiscoCISCO-SA-20150623-CVE-2015-4215Cisco Wireless LAN Controller IPv6 Packet Handling Denial of Service Vulnerability
6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
0.003 Low
EPSS
Percentile
68.4%
A vulnerability in Cisco Wireless LAN Controller (WLC) devices could allow an unauthenticated, adjacent attacker could to cause a crash of an affected device.
The vulnerability exists due to an unhandled exception that may occur when IPv6 traffic is forwarded to a device that is not configured for IPv6. An attacker could exploit this vulnerability by sending a certain class of IPv6 traffic to an affected device.
Cisco has confirmed the vulnerability and released software updates.
To exploit this vulnerability, an attacker must be on the same broadcast or collision domain as the targeted device. This access requirement reduces the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Affected configurations
Related
6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
0.003 Low
EPSS
Percentile
68.4%