Cisco Patches Critical SISF Vulnerability Affecting Multiple Products


Cisco has issued critical security updates to address a vulnerability in its Switch Integrated Security Features (SISF), which affects several of its software platforms.

The flaw could let attackers on the same network segment send specially crafted DHCPv6 packets to force devices to reload, resulting in a denial of service (DoS) that interrupts network traffic and operations.

The vulnerability affects Cisco IOS, IOS XE, NX-OS, and Wireless LAN Controller (WLC) AireOS software. It stems from incorrect handling of DHCPv6 packets by the SISF component. If exploited, an attacker could crash the device remotely—without authentication—provided they are on a directly connected network.

This flaw is part of Cisco’s May 2025 semiannual bundled security advisory and is tracked under several IDs, including CSCwk04230 and CSCvq14413. Although the attack requires adjacency (the attacker must be on a directly connected network), it poses a serious risk within internal networks or data center environments.

Who’s at Risk?

Affected devices include routers, switches, and controllers running vulnerable versions of IOS, IOS XE, NX-OS (Nexus 3000, 7000, 9000 in standalone mode), and AireOS. Notably, devices like Cisco Meraki, Firepower appliances, and Nexus 9000 in ACI mode are not affected.

Admins can use diagnostic commands to check if SISF is active:

  • For IOS/IOS XE: show device-tracking policies or show ipv6 snooping policies
  • For AireOS: show ipv6 summary
  • For NX-OS: show ipv6 snooping policies

No Workarounds – Immediate Patching Required

Cisco has confirmed there are no temporary fixes or workarounds. The only way to secure affected devices is to update to patched software versions.

WLC users should upgrade to version 8.10.196.0 or later. Updates are available through standard Cisco support channels and can also be requested via Cisco TAC even without a support contract, using the advisory as proof.

Cisco’s Product Security Incident Response Team (PSIRT) reports that this vulnerability was discovered internally through a TAC support case and has not been exploited in the wild.

However, given the potential for network disruption, Cisco strongly advises all administrators to patch affected systems as soon as possible.

May 8th, 2025 (2025-05-10T01:11:15+05:30) | cisco, Internet Security, Security Advisory, Security Update, vulnerability

About the Author:

FirstHackersNews- Identifies Security
