CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
23.3%
A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when processing specific link-local IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that would flow inbound through the wired interface of an affected device. A successful exploit could allow the attacker to cause traffic drops in the affected VLAN, thus triggering the DoS condition.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ios_xe | * | cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* |
cisco | ios_xe | 3.15.1xbs | cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:* |
cisco | ios_xe | 3.15.2xbs | cpe:2.3:o:cisco:ios_xe:3.15.2xbs:*:*:*:*:*:*:* |
cisco | ios_xe | 16.7.1 | cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:* |
cisco | ios_xe | 16.7.1a | cpe:2.3:o:cisco:ios_xe:16.7.1a:*:*:*:*:*:*:* |
cisco | ios_xe | 16.7.1b | cpe:2.3:o:cisco:ios_xe:16.7.1b:*:*:*:*:*:*:* |
cisco | ios_xe | 16.7.2 | cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:* |
cisco | ios_xe | 16.7.3 | cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:* |
cisco | ios_xe | 16.7.4 | cpe:2.3:o:cisco:ios_xe:16.7.4:*:*:*:*:*:*:* |
cisco | ios_xe | 16.8.1 | cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:* |
[
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
]
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
23.3%