Cisco: CISCO-SA-20150908-CVE-2015-6286
Sep 08, 2015 - 4:44 p.m.

Cisco Application Visibility and Control FlexConnect UDP Vulnerability

2015-09-08 16:44:25
tools.cisco.com
CVSS2: 5.7 Medium

Attack Vector: ADJACENT_NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

AV:A/AC:M/Au:N/C:N/I:N/A:C

EPSS: 0.002 Low
Percentile: 52.3%

A vulnerability in Cisco Application Visibility and Control (AVC) software for wireless networking could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper validation of UDP packets in the configuration of FlexConnect mode. An unauthenticated, adjacent attacker could exploit this vulnerability by sending a crafted UDP packet to an AP with FlexConnect mode configured. A successful exploit could allow the attacker to cause a targeted access point to become unavailable, leading to a DoS condition.

Cisco confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker must be on the same collision or broadcast domain as the targeted device. This access requirement reduces the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners
Node
cisco application_visibility_and_control Match any
OR
cisco application_visibility_and_control Match any
