A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.
2024-03-27T17:15:51.320
2025-08-06T13:45:24.563
Analyzed
CVSSv3.1: 8.6 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | ios_xe | < 17.3.8 | Yes |
| Operating System | cisco | ios_xe | < 17.6.6 | Yes |
| Operating System | cisco | ios_xe | < 17.9.5 | Yes |
| Operating System | cisco | ios_xe | < 17.12.2 | Yes |
| Application | cisco | business_access_points | < 10.9.1.0 | Yes |
| Hardware | cisco | business_140ac | - | No |
| Hardware | cisco | business_140ac_access_point | - | No |
| Hardware | cisco | business_141acm | - | No |
| Hardware | cisco | business_142acm | - | No |
| Hardware | cisco | business_143acm | - | No |
| Hardware | cisco | business_145ac | - | No |
| Hardware | cisco | business_145ac_access_point | - | No |
| Hardware | cisco | business_240ac | - | No |
| Application | cisco | business_access_points | < 10.6.2.0 | Yes |
| Hardware | cisco | business_150ax | - | No |
| Hardware | cisco | business_150ax_access_point | - | No |
| Hardware | cisco | business_151axm | - | No |
| Operating System | cisco | wireless_lan_controller_software | < 8.10.190.0 | Yes |