CVE-2014-2109

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 through 12.4 Cisco IOS versions 15.0 through 15.4

Description The TCP Input module in Cisco IOS, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets. This issue is related to the implementation of the Network Address Translation (NAT) feature, which contains vulnerabilities when translating IP packets. An unauthenticated, remote attacker could exploit this to cause a denial of service condition.

Recommendations For Cisco IOS versions 12.2 through 12.4, update to a version that addresses these vulnerabilities. For Cisco IOS versions 15.0 through 15.4, update to a version that addresses these vulnerabilities. As a temporary workaround, consider restricting the use of NAT to minimize the risk of exploitation.