VDB

CISCO-SA-SISF-DOS-ZGWT4DDY

CISCO-SA-SISF-DOS-ZGWT4DDY PUBLISHED CVSS 7.400000095367432 HIGH

A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the incorrect handling of DHCPv6 packets. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75279"].

Risk Scores

CVSS v3.1
7.400000095367432
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products

VendorProductVersions
15.2(6)E3
15.2(6)E0c
15.2(6)E1a
15.2(7a)E0b
15.2(7)E3
15.2(6)E2
15.2(7)E1
15.2(7b)E0b
15.2(7)E0s
15.2(7)E1a
15.2(6)E1s
15.2(6)E2a
15.2(7)E
15.2(6)E0a
15.2(6)E1
15.2(6)E
15.2(7)E0a
15.2(7)E2
15.2(7)E0b
15.2(6)E2b

Timeline

  • May 7, 2025 CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›