Cisco has released security updates addressing a vulnerability in the Switch Integrated Security Features (SISF) of multiple software platforms that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
The vulnerability stems from incorrect handling of DHCPv6 packets and affects Cisco IOS Software, IOS XE Software, NX-OS Software, and Wireless LAN Controller (WLC) AireOS Software.
By exploiting this weakness, attackers could force affected devices to reload, disrupting network operations.
This advisory is part of Cisco’s May 2025 semiannual bundled security publication, highlighting significant vulnerabilities requiring immediate attention.
The security flaw (tracked under multiple Cisco bug IDs, including CSCwk04230, CSCvq14413, CSCvo13585, and CSCwj88828) exists in the SISF component across multiple Cisco platforms.
Technically, the vulnerability allows an unauthenticated, adjacent attacker to exploit incorrect handling of DHCPv6 packets in the affected software.
The attack requires sending crafted DHCPv6 packets to a targeted device; when the vulnerable SISF component processes them, it mishandles the packets.
The result is that the device reloads, creating a denial of service condition that disrupts network connectivity and any services the device carries.
The adjacency requirement means an attacker must be on the same Layer 2 segment as the device (for example, a host on a VLAN or port that SISF is tracking). That limits who can reach the vulnerable code path, but it does not reduce the impact once an attacker is in that position: a single device reload takes down every client and uplink behind it.
Affected Products and Detection Methods
The vulnerability impacts multiple Cisco product lines running vulnerable software releases with SISF enabled.
Key affected products include Cisco IOS Software, IOS XE Software (including specific versions for WLCs), WLC AireOS Software, and several Nexus switch platforms running NX-OS Software, including Nexus 3000, 7000, and 9000 Series in standalone mode.
Administrators can determine whether their devices are vulnerable with a few diagnostic commands.
For Cisco IOS and IOS XE Software, run “show device-tracking policies” or “show ipv6 snooping policies”; if either command lists one or more policies, SISF is enabled. Note that SISF policies are not only created by explicit configuration: on IOS XE, features such as 802.1X, web authentication, and IP Source Guard create device-tracking policies programmatically, so a device can be in scope even though no operator ever configured device tracking by hand.
For WLC AireOS Software, use “show ipv6 summary” and check whether “IPv6 Global Config” is enabled.
In NX-OS environments, “show ipv6 snooping policies” will reveal whether the feature is active.
Importantly, Cisco has confirmed that numerous products are not affected, including Firepower series appliances, Meraki products, and Nexus 9000 Series switches in ACI mode.
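The checks above are easy to run on one box but tedious across a fleet. The following script is an added example (it is not Cisco tooling and not code from the original article): it takes saved output of the three show commands and classifies each device as out of scope, in scope, or fixed. The sample outputs are constructed approximations of the real CLI output, not captures from real devices, and the only fixed release it knows is AireOS 8.10.196.0 from this advisory; for IOS, IOS XE and NX-OS it only answers the "is SISF enabled" question, because the page does not list their fixed releases. Treating a "% Invalid input" response as "feature not present" is also an assumption.

```python
"""Classify saved CLI output for the SISF DHCPv6 advisory (added example, not Cisco tooling)."""
import re

# --- Constructed sample output (approximations, not captured from real devices) ---
IOS_XE_POLICIES = """\
Target               Type  Policy               Feature         Target range
vlan 10              VLAN  DT-PROGRAMMATIC      Device-tracking vlan all
Gi1/0/5              PORT  DT-PROGRAMMATIC      Device-tracking vlan all
"""
IOS_XE_EMPTY = "Target               Type  Policy               Feature         Target range\n"
IOS_XE_NO_CMD = "% Invalid input detected at '^' marker.\n"
AIREOS_SUMMARY_ON = """\
IPv6 Global Config................................ Enabled
Reachable-lifetime value.......................... 300
"""
AIREOS_SUMMARY_OFF = "IPv6 Global Config................................ Disabled\n"
AIREOS_SYSINFO = "Product Version.................................. 8.10.185.0\n"

AIREOS_FIXED = (8, 10, 196, 0)  # fixed AireOS release named in the advisory

IN_SCOPE = "in scope (SISF enabled; verify fixed release)"
OUT_OF_SCOPE = "not affected (SISF disabled)"
FIXED = "fixed"


def policy_rows(show_output: str) -> list[str]:
    """Policy rows from 'show device-tracking policies' / 'show ipv6 snooping policies'
    (IOS, IOS XE, NX-OS). Drops the header, blank lines and '%' CLI error lines;
    an unknown command is assumed to mean the feature is absent."""
    rows = []
    for line in show_output.splitlines():
        line = line.strip()
        if not line or line.lower().startswith("target") or line.startswith("%"):
            continue
        rows.append(line)
    return rows


def sisf_enabled_ios(show_output: str) -> bool:
    """SISF is enabled when at least one policy is listed."""
    return bool(policy_rows(show_output))


def sisf_enabled_aireos(show_ipv6_summary: str) -> bool:
    """AireOS: the 'IPv6 Global Config' line of 'show ipv6 summary' decides."""
    m = re.search(r"^IPv6 Global Config\.*\s*(\S+)", show_ipv6_summary, re.M)
    return m is not None and m.group(1).lower() == "enabled"


def parse_aireos_version(show_sysinfo: str) -> tuple[int, ...]:
    """Extract the 'Product Version' from 'show sysinfo' as a comparable tuple."""
    m = re.search(r"^Product Version\.*\s*([\d.]+)", show_sysinfo, re.M)
    if not m:
        raise ValueError("Product Version line not found")
    return tuple(int(p) for p in m.group(1).split("."))


def aireos_has_fix(version: tuple[int, ...]) -> bool:
    """True only for 8.10.196.0 or later in the 8.10 train; older trains need migration."""
    return version[:2] == AIREOS_FIXED[:2] and version >= AIREOS_FIXED


def assess(platform: str, feature_output: str, sysinfo: str = "") -> str:
    """Return OUT_OF_SCOPE, IN_SCOPE or FIXED for one device."""
    if platform in ("ios", "ios-xe", "nx-os"):
        enabled = sisf_enabled_ios(feature_output)
    elif platform == "aireos":
        enabled = sisf_enabled_aireos(feature_output)
    else:
        raise ValueError(f"unknown platform {platform!r}")
    if not enabled:
        return OUT_OF_SCOPE
    if platform == "aireos" and sysinfo and aireos_has_fix(parse_aireos_version(sysinfo)):
        return FIXED
    return IN_SCOPE


if __name__ == "__main__":
    inventory = [  # hypothetical device names
        ("core-sw1", "ios-xe", IOS_XE_POLICIES, ""),
        ("access-sw7", "ios-xe", IOS_XE_EMPTY, ""),
        ("n9k-1", "nx-os", IOS_XE_NO_CMD, ""),
        ("wlc1", "aireos", AIREOS_SUMMARY_ON, AIREOS_SYSINFO),
    ]
    for name, plat, out, info in inventory:
        print(f"{name:12} {assess(plat, out, info)}")
```

A device reported as "in scope" is not necessarily exploitable today, only reachable by the vulnerable code path; the running release still has to be checked against Cisco's Software Checker. Conversely, the "DT-PROGRAMMATIC" rows in the sample are there to make the point from the text: the policy was created by another feature, not by a device-tracking command, and the device counts as SISF-enabled all the same.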
Mitigation Strategies and Fixed Software
Cisco emphasizes that no workarounds exist for this vulnerability, making software updates the only effective solution.
The company has released free software updates addressing the vulnerability across all affected platforms.
For Cisco WLC AireOS Software, version 8.10.196.0 contains the fix, while earlier releases require migration to supported versions.
Customers with Cisco service contracts should obtain security fixes through their regular update channels.
Those without service contracts can contact the Cisco Technical Assistance Center (TAC) to obtain the necessary updates, providing the advisory URL as entitlement evidence.
Cisco provides the Software Checker tool to help administrators determine their exposure and identify appropriate update paths.
According to Cisco’s Product Security Incident Response Team (PSIRT), Cisco is not aware of any public announcements or malicious use of this vulnerability; it was discovered during the resolution of a Cisco TAC support case.
Administrators of affected systems should prioritize these updates to protect their network infrastructure from potential exploitation and service disruption.