CVE-2012-1367

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.0 through 12.2, 15.0 through 15.1, and 15.2

Description The issue allows remote attackers to cause a denial of service, resulting in a Route Processor crash. This can be achieved via a BGP UPDATE message with a modified local-preference attribute length.

Recommendations For Cisco IOS versions 12.0 through 12.2, update to a version that includes the fix for Bug ID CSCtq06538. For Cisco IOS versions 15.0 through 15.1, update to a version that includes the fix for Bug ID CSCtq06538. For Cisco IOS version 15.2, update to a version that includes the fix for Bug ID CSCtq06538. As a temporary workaround, consider restricting BGP UPDATE messages to minimize the risk of exploitation.