Posts for: #16.12.14

Cisco IOS XE Software for Catalyst 9000 Series Switches Denial of Service Vulnerability

🚨 SEVERITY: HIGH — CVSS 7.4 Security Advisory

TL;DR 📌

A denial of service vulnerability has been identified in Cisco IOS XE Software for Catalyst 9000 Series Switches. An unauthenticated, adjacent attacker can exploit this vulnerability by sending crafted Ethernet frames, causing an egress port to drop all outbound traffic. The highest CVSS score is 7.4 (High). Cisco has released fixed software, but no workarounds are available.

What happened 🕵️‍♂️

A vulnerability exists in the handling of certain Ethernet frames within Cisco IOS XE Software for Catalyst 9000 Series Switches. This flaw allows an unauthenticated, adjacent attacker to send crafted Ethernet frames, which can block an egress port, resulting in a denial of service (DoS) condition. Once exploited, the affected port will drop all outbound traffic, severely impacting network operations.


Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 5.3 Security Advisory

TL;DR 📌

A medium-severity vulnerability has been identified in Cisco IOS XE SD-WAN Software that allows unauthenticated remote attackers to bypass Layer 3 and Layer 4 traffic filters. This could lead to unauthorized access to network resources. Users are advised to implement workarounds or upgrade to fixed software versions as soon as possible.

What happened 🕵️‍♂️

A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This issue arises from improper traffic filtering conditions on affected devices. By sending a crafted packet, an attacker could exploit this vulnerability to inject malicious packets into the network. Proof-of-concept exploit code is available, although there are no known instances of malicious exploitation at this time.
