CVE-2014-3327

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2, 15.0, 15.1, 15.2, and 15.4 Cisco IOS XE versions 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E

Description The issue is related to the EnergyWise module in Cisco IOS and Cisco IOS XE Software, which allows an unauthenticated, remote attacker to cause a reload of the affected device due to improper parsing of crafted EnergyWise packets. An attacker could exploit this by sending a crafted EnergyWise packet to be processed by an affected device, resulting in a denial of service (device reload).

Recommendations For Cisco IOS versions 12.2, 15.0, 15.1, 15.2, and 15.4, update to a version that includes the fix for this issue. For Cisco IOS XE versions 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E, update to version 3.5.3E or later. As a temporary workaround, consider restricting access to the EnergyWise module until a patch is applied.