PT-2007-5476 · Cisco · Cisco IOS XR, Cisco IOS
Published: 2007-08-08 · Updated: 2017-09-29 · CVE-2007-4285
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Cisco IOS and Cisco IOS XR versions 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T
Description
The issue is related to the processing of specially crafted IPv6 packets with a Type 0 Routing Header present, which can lead to information leakage on affected devices and may also result in a crash of the affected device or its IPv6 subsystem.
Recommendations
For Cisco IOS and Cisco IOS XR versions 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, update to a version that includes the fix for this vulnerability. Free software is available from Cisco to address this issue.
As a temporary measure, consider applying the available workarounds to mitigate the effects of the vulnerability.
Restrict crafted IPv6 packets with a Type 0 Routing Header from reaching affected devices to minimize the risk of exploitation.
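To support the filtering recommendation above, the following added example (not part of the original advisory and not Cisco code) walks the IPv6 extension header chain of a raw packet and reports a Type 0 Routing Header, for use when checking captures or validating a filter. The function name, helper and sample packets are constructed for illustration.

```python
import struct

# IPv6 extension header protocol numbers (RFC 8200)
HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS = 0, 43, 44, 51, 60
EXTENSION_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS}


def find_rh0(packet: bytes):
    """Return (segments_left, address_count) for the first Type 0 Routing
    Header in a raw IPv6 packet, or None when there is none."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    next_header, offset = packet[6], 40
    while next_header in EXTENSION_HEADERS:
        if offset + 8 > len(packet):
            return None  # truncated chain, nothing left to inspect
        following, ext_len = packet[offset], packet[offset + 1]
        if next_header == ROUTING and packet[offset + 2] == 0:
            return packet[offset + 3], ext_len // 2
        if next_header == FRAGMENT:
            # a non-first fragment does not carry the rest of the chain
            if int.from_bytes(packet[offset + 2:offset + 4], "big") >> 3:
                return None
            size = 8
        elif next_header == AUTH:
            size = (ext_len + 2) * 4
        else:
            size = (ext_len + 1) * 8
        next_header, offset = following, offset + size
    return None


# Constructed sample packets (documentation-prefix address, not captured traffic)
ADDR = bytes.fromhex("20010db8") + bytes(11) + b"\x01"

def sample_packet(next_header: int, payload: bytes) -> bytes:
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + ADDR + ADDR + payload

RH0 = bytes([59, 2, 0, 1]) + bytes(4) + ADDR   # routing type 0, one address
RH2 = bytes([59, 2, 2, 1]) + bytes(4) + ADDR   # routing type 2 (Mobile IPv6)
HBH = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])    # Hop-by-Hop with one PadN option

if __name__ == "__main__":
    for name, pkt in [("direct RH0", sample_packet(ROUTING, RH0)),
                      ("RH0 after Hop-by-Hop", sample_packet(HOP_BY_HOP, HBH + RH0)),
                      ("type 2 routing header", sample_packet(ROUTING, RH2)),
                      ("plain TCP", sample_packet(6, bytes(20)))]:
        print(f"{name}: {find_rh0(pkt)}")
```

Other routing types, such as type 2 used by Mobile IPv6, are deliberately not reported, so a filter validated this way does not block them.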
Affected Products
Cisco IOS
Cisco IOS XR