CVE-2014-2143

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.4(1)T and earlier Cisco IOS XE versions prior to the fixed version

Description The issue is related to the IKE implementation, which allows remote attackers to cause a denial of service by dropping security associations via crafted Main Mode packets. This is due to improper handling of rogue IKE Main Mode packets. An attacker could exploit this by sending a crafted IKE Main Mode packet to an affected device, allowing them to delete established security associations. The attacker may need access to trusted, internal networks to send crafted packets.

Recommendations For Cisco IOS versions 15.4(1)T and earlier, update to a version that includes the fix for this issue. For Cisco IOS XE versions prior to the fixed version, update to the fixed version or apply the recommended software updates from Cisco. As a temporary workaround, consider restricting access to the IKE module to minimize the risk of exploitation.