Cisco Wireless LAN Controller IPv6 IAPP WIPS Report Vulnerability

A vulnerability in the Internet Access Point Protocol (IAPP) module of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause network traffic to be forwarded to an unexpected destination network.

The vulnerability is due to improper input validation of the IPv6 packet. An attacker could exploit this vulnerability by sending crafted IPv6 packets to the WLC interface. An exploit could allow the attacker to send traffic to an unexpected destination on a remote sub-network.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit this vulnerability, the attacker would need to send crafted IPv6 packets to the targeted device, making exploitation more difficult in environments that restrict network access from untrusted sources.

A successful exploit may disclosure sensitive information because network traffic is leaked outside the specified Control and Provisioning of Wireless Access Points Protocol (CAPWAP) Access Points (APs) configured in the networking environment. Exploiting this vulnerability may also result in a DoS condition, because network traffic can be forwarded to an unexpected destination network.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.