Cisco Access Point Software Intermittent IPv6 Gateway Change Vulnerability
TL;DR 📌
A medium-severity vulnerability has been identified in Cisco Access Point Software that could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on affected devices. There are no workarounds available, and users are advised to upgrade to fixed software releases.
What happened 🕵️♂️
A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to change the IPv6 gateway on affected devices. This vulnerability arises from a logic error in processing IPv6 RA packets received from wireless clients. An attacker could exploit this by associating with a wireless network and sending crafted IPv6 RA packets, potentially leading to intermittent packet loss for associated wireless clients.
Affected products 🖥️
The following Cisco products are affected if running a vulnerable release of Cisco Access Point Software:
- 6300 Series Embedded Services Access Points (APs)
- Aironet 1540 Series APs
- Aironet 1560 Series APs
- Aironet 1800 Series APs
- Aironet 2800 Series APs
- Aironet 3800 Series APs
- Aironet 4800 APs
- Catalyst 9100 APs
- Catalyst IW6300 Heavy Duty Series APs
- Integrated APs on 1100 Integrated Services Routers (ISRs)
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 17.8 and earlier | Migrate to a fixed release. | |
| 17.9 | 17.9.7 | |
| 17.10 | Migrate to a fixed release. | |
| 17.11 | Migrate to a fixed release. | |
| 17.12 | 17.12.5 | |
| 17.13 | Migrate to a fixed release. | |
| 17.14 | Migrate to a fixed release. | |
| 17.15 | 17.15.2 | |
| 17.16 | Not vulnerable. | |
| 17.17 | Not vulnerable. | |
| 17.18 | Not vulnerable. | |
| 1.0 | Initial public release. |
Workarounds 🧯
There are no workarounds that address this vulnerability.
Risk in context 🎯
The vulnerability has a CVSS score of 4.3, classified as Medium severity. The risk is primarily associated with unauthenticated access from adjacent networks, which could lead to temporary changes in the IPv6 gateway, impacting network availability for connected clients.
Fast facts ⚡
- Vulnerability: Cisco Access Point Software Intermittent IPv6 Gateway Change Vulnerability
- CVSS Score: 4.3 (Medium)
- Exploitation: Requires unauthenticated access from adjacent networks
- Impact: Potential intermittent packet loss for wireless clients
- Workarounds: None available
For leadership 🧭
This vulnerability poses a Medium risk to our network infrastructure, primarily affecting Cisco Access Points. The exposure is driven by the need for unauthenticated access, which could allow an attacker to modify the IPv6 gateway, leading to potential packet loss for wireless clients. Immediate remediation is necessary, with a recommendation to patch within 7 days where fixed software is available.
Operationally, the upgrade process will require a brief maintenance window with no expected configuration drift.
Now: Review affected devices and plan for software upgrades.
Next: Implement the necessary software updates.
Later: Monitor network performance post-upgrade to ensure stability and security.