PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-9220 Cisco CVE debrief

CVE-2016-9220 is a denial-of-service issue in 802.11 ingress packet processing on Cisco Mobility Express 2800 and 3800 Access Points. An unauthenticated attacker on an adjacent network can cause the connection table to fill with invalid connections, preventing the device from processing new incoming requests. Cisco identified affected release 8.2(130.0) and published fixed releases in several later trains.

Vendor: Cisco
Product: CVE-2016-9220
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-26
Original CVE updated: 2026-05-13
Advisory published: 2017-01-26
Advisory updated: 2026-05-13

Who should care

Organizations running Cisco Mobility Express on 2800 or 3800 access points, especially wireless administrators and network operations teams responsible for campus, branch, or guest Wi-Fi availability.

Technical summary

The flaw is described as a DoS condition in 802.11 ingress packet processing. NVD assigns CVSS v3.0 vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L and CWE-399, indicating an adjacent, unauthenticated attack that impacts availability only. The vendor advisory notes that invalid connections can exhaust the connection table and block new requests.

Defensive priority

Medium. The issue does not disclose data or alter integrity, but it can disrupt wireless service on affected access points. Prioritize if the impacted APs are customer-facing or operationally critical.

Recommended defensive actions

  • Confirm whether Cisco Mobility Express APs are running release 8.2(130.0) or another affected version listed by Cisco.
  • Upgrade to a fixed release from Cisco's advisory, such as 8.2(131.10), 8.2(131.6), 8.2(141.0), 8.3(104.56), 8.4(1.88), or 8.4(1.91), according to your supported train.
  • Review wireless network monitoring and alerting for repeated connection-table exhaustion or abnormal request-processing failures.
  • Restrict adjacency to trusted wireless environments where feasible, since the attack requires adjacent network access.
  • Track Cisco security advisories and confirm appliance firmware compliance during maintenance windows.
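
The first two actions can be scripted against an AP inventory export. The sketch below is an added example, not Cisco or PatchSiren code: it normalises release strings, flags the affected release named above, and lists the fixed releases in the same train in numeric order. The AP names, the sample inventory, and the assumption that an inventory may report releases in dotted form (8.2.130.0) rather than advisory form (8.2(130.0)) are all constructed for illustration.

```python
import re

# Release identifiers copied from this debrief; nothing else is assumed affected or fixed.
AFFECTED = ["8.2(130.0)"]
FIXED = ["8.2(131.10)", "8.2(131.6)", "8.2(141.0)", "8.3(104.56)", "8.4(1.88)", "8.4(1.91)"]

# Accept advisory notation 8.2(130.0) and, as an assumption, dotted notation 8.2.130.0.
_RELEASE = re.compile(r"^\s*(\d+)\.(\d+)(?:\((\d+)\.(\d+)\)|\.(\d+)\.(\d+))\s*$")


def parse_release(text):
    """Return (major, minor, build, patch) as integers."""
    m = _RELEASE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    return tuple(int(g) for g in m.groups() if g is not None)


def fmt(rel):
    """Render a parsed release back into advisory notation."""
    return "{}.{}({}.{})".format(*rel)


AFFECTED_SET = {parse_release(r) for r in AFFECTED}
FIXED_SET = {parse_release(r) for r in FIXED}


def assess(release_text):
    """Classify one AP release and list the fixed releases in its train."""
    rel = parse_release(release_text)
    # Integer tuples sort 131.6 before 131.10; a plain string sort would not.
    same_train = [fmt(f) for f in sorted(FIXED_SET) if f[:2] == rel[:2]]
    if rel in AFFECTED_SET:
        status = "affected"
    elif rel in FIXED_SET:
        status = "fixed"
    else:
        status = "review"  # not named in this debrief: check Cisco's advisory
    return status, same_train


def audit(inventory):
    """Map AP name -> (status, fixed releases in the same train)."""
    return {name: assess(release) for name, release in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"ap-lobby": "8.2.130.0", "ap-floor2": "8.2(141.0)", "ap-lab": "8.3.102.0"}
    for name, (status, targets) in audit(sample).items():
        print(f"{name}: {status}; fixed releases in train: {targets or 'none listed'}")
```

A "review" result means only that the release is not named in this debrief; it is not a statement that the release is safe or vulnerable.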

Evidence notes

All claims are drawn from the supplied NVD record and Cisco advisory references. The vulnerability was published on 2017-01-26 and later modified in the source record on 2026-05-13. The CVSS vector, affected release, fixed releases, and CWE classification come from the provided source metadata.

Official resources

Publicly disclosed in Cisco's advisory and reflected in NVD on 2017-01-26; the source record was later modified on 2026-05-13. This debrief uses the CVE publication date as the issue timeline anchor.