Key Information Summary Vulnerability Overview Vulnerability Type: Cisco IOS XE Software for WLC Wireless IPv6 Clients Denial of Service Vulnerability Severity: High (CVSS Score: 7.4) Impact: By sending a series of IPv6 network requests, an attacker can cause the wireless network control daemon (wncd) to crash, resulting in a denial of service (DoS) condition. Affected Products Affected Products: - Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches - Catalyst 9800 Series Wireless Controllers - Catalyst 9800-CL Wireless Controllers for Cloud - Embedded Wireless Controllers on Catalyst Access Points Remediation Fix: Cisco has released software updates to address this vulnerability. Workaround: Customers can mitigate this vulnerability by disabling wireless IPv6 clients, if the feature is not in use. Additional Information Products Not Affected: IOS Software, IOS XR Software, Meraki products, NX-OS Software, WLC AireOS Software Exploitation and Public Disclosure: Cisco Product Security Incident Response Team (PSIRT) has not identified any public disclosures or malicious exploitation of this vulnerability at this time. Source: This vulnerability was discovered during the resolution of a Cisco TAC support case.