Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition.
AnalysisAI
This is a denial of service vulnerability in Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family caused by improper handling of malformed CAPWAP (Control and Provisioning of Wireless Access Points) packets. The vulnerability affects multiple versions of Cisco IOS XE Software in the 17.14.x through 17.18.x release trains. An unauthenticated remote attacker can exploit this to cause the wireless controller to reload unexpectedly, resulting in complete network disruption with a high severity CVSS score of 8.6.
Technical ContextAI
The vulnerability resides in the CAPWAP protocol implementation, which is used for communication between wireless controllers and access points in enterprise wireless networks. According to the CPE data (cpe:2.3:a:cisco:cisco_ios_xe_software), this affects Cisco IOS XE Software specifically when deployed as wireless controller software on Catalyst CW9800 series devices. The root cause is classified as CWE-230 (Improper Handling of Missing Values), indicating the software fails to properly validate or handle missing or malformed fields in CAPWAP packets before processing them. CAPWAP operates over UDP port 5246/5247 and encapsulates wireless management and data frames, making it a critical protocol for wireless network infrastructure. The improper input validation allows specially crafted packets to trigger unexpected behavior leading to device reload.
RemediationAI
Cisco recommends upgrading affected IOS XE Software installations to a fixed release as specified in the security advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-hnX5KGOm. Organizations should consult the Cisco Security Advisory for specific fixed versions corresponding to their current release train, as Cisco typically provides fixes in subsequent maintenance releases or suggested migration paths to newer trains. As an interim mitigation until patching is complete, network administrators should implement access control lists (ACLs) to restrict CAPWAP traffic (UDP ports 5246 and 5247) to only authorized access points using known IP addresses or subnets, preventing untrusted sources from sending malformed packets to the wireless controller. Additional hardening measures include deploying the wireless controllers behind firewalls with strict ingress filtering and enabling device monitoring to detect unexpected reload events that may indicate exploitation attempts.
Same weakness CWE-230 – Improper Handling of Missing Values
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15433
GHSA-m53c-9wh4-q9hq