A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to the incorrect handling of DHCPv6 packets. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0003.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Cisco Cisco NX-OS Software unknown
Version Status Constraints
8.2(5) affected
7.3(5)D1(1) affected
8.4(2) affected
8.4(3) affected
9.2(3) affected
9.2(2v) affected
7.3(4)D1(1) affected
8.2(1) affected
9.2(1) affected
9.2(2t) affected
9.2(3y) affected
7.0(3)I7(6z) affected
9.3(2) affected
7.0(3)I7(3z) affected
7.0(3)IM7(2) affected
7.0(3)I7(5a) affected
8.1(1) affected
8.2(2) affected
8.3(2) affected
7.3(2)D1(3a) affected
9.2(4) affected
8.1(2) affected
7.3(3)D1(1) affected
8.2(3) affected
7.0(3)I7(2) affected
7.0(3)I7(3) affected
8.4(1) affected
7.3(0)DX(1) affected
7.3(2)D1(1) affected
9.3(1) affected
7.0(3)I7(6) affected
7.3(2)D1(2) affected
8.2(4) affected
7.0(3)I7(4) affected
7.0(3)I7(7) affected
9.3(1z) affected
9.2(2) affected
8.1(2a) affected
7.3(2)D1(3) affected
7.0(3)I7(5) affected
7.0(3)I7(1) affected
7.0(3)IA7(2) affected
7.0(3)IA7(1) affected
8.3(1) affected
7.3(1)D1(1) affected
7.3(0)D1(1) affected
9.3(3) affected
7.3(2)D1(1d) affected
7.0(3)I7(8) affected
9.3(4) affected
7.3(6)D1(1) affected
8.2(6) affected
9.3(5) affected
7.0(3)I7(9) affected
9.3(6) affected
10.1(2) affected
10.1(1) affected
8.4(4) affected
7.3(7)D1(1) affected
9.3(5w) affected
8.2(7) affected
9.3(7) affected
9.3(7k) affected
7.0(3)I7(9w) affected
10.2(1) affected
7.3(8)D1(1) affected
9.3(7a) affected
8.2(7a) affected
9.3(8) affected
8.4(4a) affected
8.4(5) affected
7.0(3)I7(10) affected
8.2(8) affected
10.2(1q) affected
10.2(2) affected
9.3(9) affected
10.1(2t) affected
7.3(9)D1(1) affected
10.2(3) affected
8.4(6) affected
10.2(3t) affected
9.3(10) affected
10.2(2a) affected
8.2(9) affected
10.3(1) affected
10.2(4) affected
8.4(7) affected
10.3(2) affected
8.4(6a) affected
9.3(11) affected
10.3(3) affected
10.2(5) affected
8.2(10) affected
9.3(12) affected
10.2(3v) affected
10.4(1) affected
8.4(8) affected
10.3(99w) affected
10.2(6) affected
10.3(3w) affected
10.3(99x) affected
10.3(3o) affected
8.4(9) affected
10.3(4) affected
10.3(3p) affected
10.3(4a) affected
10.4(2) affected
10.3(3q) affected
9.3(13) affected
8.2(11) affected
10.3(5) affected
10.2(7) affected
10.4(3) affected
10.3(3x) affected
10.3(4g) affected
10.2(8) affected
10.3(3r) affected
9.3(14) affected
10.3(4h) affected
Cisco Cisco Wireless LAN Controller (WLC) unknown
Version Status Constraints
8.10.112.0 affected
8.8.120.0 affected
8.3.143.0 affected
8.3.111.0 affected
8.2.164.0 affected
8.5.109.0 affected
8.3.132.0 affected
8.5.105.0 affected
8.2.170.0 affected
8.2.160.0 affected
8.8.100.0 affected
8.9.111.0 affected
8.7.102.0 affected
8.3.102.0 affected
8.3.133.0 affected
8.3.131.0 affected
8.5.100.0 affected
8.5.131.0 affected
8.3.122.0 affected
8.5.101.0 affected
8.3.112.0 affected
8.5.120.0 affected
8.2.141.0 affected
8.3.141.0 affected
8.3.121.0 affected
8.2.151.0 affected
8.3.130.0 affected
8.5.102.0 affected
8.2.161.0 affected
8.5.151.0 affected
8.2.100.0 affected
8.5.135.0 affected
8.3.135.0 affected
8.5.140.0 affected
8.7.106.0 affected
8.9.100.0 affected
8.8.111.0 affected
8.2.110.0 affected
8.5.110.0 affected
8.2.130.0 affected
8.5.141.105 affected
8.2.121.0 affected
8.8.125.0 affected
8.3.150.0 affected
8.2.111.0 affected
8.10.105.0 affected
8.5.108.0 affected
8.3.108.0 affected
8.2.166.0 affected
8.5.103.0 affected
8.3.140.0 affected
8.6.101.0 affected
8.4.100.0 affected
8.5.160.0 affected
8.5.161.0 affected
8.8.130.0 affected
8.10.120.0 affected
8.10.121.0 affected
8.10.113.0 affected
8.10.122.0 affected
8.10.130.0 affected
8.10.141.0 affected
8.10.142.0 affected
8.5.171.0 affected
8.10.150.0 affected
8.10.151.0 affected
8.10.162.0 affected
8.5.182.0 affected
8.10.171.0 affected
8.10.180.0 affected
8.10.181.0 affected
8.10.182.0 affected
8.10.170.0 affected
8.10.183.0 affected
8.5.182.7 affected
8.5.182.105 affected
8.5.182.106 affected
8.10.185.0 affected
8.5.182.107 affected
8.5.182.11 affected
8.5.182.108 affected
8.10.190.0 affected
8.10.195.0 affected
8.5.182.12 affected

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-13915 A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the incorrect handling of DHCPv6 packets. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY cve-icon cve-icon
History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00014}

 epss

{'score': 0.00015}

Wed, 07 May 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 07 May 2025 17:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the incorrect handling of DHCPv6 packets. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Title Multiple Cisco Products Denial of Service Vulnerability
Weaknesses CWE-805
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2025-05-07T19:46:53.825Z

Reserved: 2024-10-10T19:15:13.226Z

Link: CVE-2025-20191

cve-icon Vulnrichment

Updated: 2025-05-07T18:56:30.730Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-05-07T18:15:39.110

Modified: 2025-05-08T14:39:09.683

Link: CVE-2025-20191

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses