—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Cisco IOS XE Wireless Controller Software CAPWAP Denial of Service Vulnerability

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Systems Affected

Cisco IOS XE Wireless Controller Software

Catalyst CW9800H Wireless Controllers

Catalyst CW9800M Wireless Controllers

Overview

A vulnerability has been reported in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Software.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

This vulnerability exists due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device.

Successful exploitation of this vulnerability could allow the attacker to the affected device to reload unexpectedly, resulting in a DoS condition.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-hnX5KGOm

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-hnX5KGOm

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-hnX5KGOm

CVE Name

CVE-2026-20086

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmnOgeUACgkQ3jCgcSdc

ys/K4xAAopcTt6lTX+qbOH9scrNL9I3rX8ATP0bEXFeNCtenPi1Fhn4LVtPOiUHV

r7x8ZmB4QLtGGrofcEX1YfRTC7iaGpQP58jJDKzVk07Z1P8/K3Pld0M1+YsNsWNa

tbRLoOx4shjq1zXP0x9Jgqdlto+NHxfmpzazQfH6enNI2DhW1Khc5v0m1H50eEmb

X626Oz0Bmz/UoB8NAVSwJJQwgO41FO7Lksr1sFxgqSEBYAFEGHmDgD8j7OqSWPdy

xNdJi3+89yT13Q0GOHa37PzThL2MPOYN0ba4hK4mE0VlkteeH033XaPd+qLdft8J

0yPkM5EYuMmaXZmwDWjY/Mk97YOpdguQfN2sPgKT2JfqlFqqbOKZWwu49l+/Kwd2

jdEBD55txS1CxOyF1xKUTHvmKHlH7ei+maioZVbqMZq530go4J7k3XSVIpgIEk0n

4LShGqVX7yd9UrFzmTAczr7OmCPhtnyTu5omR5oinppxs8I8LCogEexFR3OAS9In

DQSEfvD3etFAEXltl/5/xigQW3+00L3YqI3LdM3Q0Jp0cnnM07QdgEhP6yZVd82T

qsOx+c9ioSzR5Ko09wdZihqXoruT0+ZGQhVFjVn1+uLSMrPo6rHHGVpDnea50RnO

/Fq/h7QKpDLqRvf4HnwZ3qJjvQLdT4e+dBpaQI8UuELYOodD5IY=

=kb80

—–END PGP SIGNATURE—–