CVE-2012-0382

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.0, 12.2 through 12.4, and 15.0 through 15.2 Cisco IOS XE versions 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S Cisco IOS XE versions 3.1.xSG and 3.2.xSG before 3.2.2SG

Description The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet. A remote, unauthenticated attacker could exploit this issue to cause a reload of an affected device, potentially resulting in a sustained denial of service (DoS) condition.

Recommendations For Cisco IOS versions 12.0, 12.2 through 12.4, and 15.0 through 15.2, update to a fixed version of Cisco IOS. For Cisco IOS XE versions 2.1.x through 2.6.x, update to version 3.4.1S or later. For Cisco IOS XE versions 3.1.xS through 3.4.xS, update to version 3.4.1S or later. For Cisco IOS XE versions 3.1.xSG and 3.2.xSG, update to version 3.2.2SG or later. As a temporary workaround, consider restricting access to MSDP packets to minimize the risk of exploitation.