CVE-2014-2111

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 through 12.4 Cisco IOS versions 15.0 through 15.4

Description The Application Layer Gateway (ALG) module in Cisco IOS contains an issue that allows a remote attacker to cause a denial of service (device reload) via crafted DNS packets when NAT is used. This could potentially affect a significant number of devices worldwide.

Recommendations For Cisco IOS versions 12.2 through 12.4, update to a fixed version to resolve the issue. For Cisco IOS versions 15.0 through 15.4, update to a fixed version to resolve the issue. As a temporary workaround, consider disabling the NAT feature until a patch is available. Restrict access to the ALG module to minimize the risk of exploitation. Avoid using the DNS protocol in the affected API endpoint until the issue is resolved.