CVE-2014-3284

Name of the Vulnerable Software and Affected Versions Cisco IOS XE on ASR1000 devices (affected versions not specified)

Description The issue allows an unauthenticated, adjacent attacker to cause a reload of the affected device, leading to a denial of service (DoS) condition. This is due to improper processing of certain malformed PPPoE packets. An attacker could exploit this by sending a malformed PPPoE packet to an IOS XE ASR1000 device configured with PPPoE termination. The attacker must have access to the same broadcast or collision domain as the targeted device to send malformed PPPoE packets.

Recommendations To resolve the issue, update to a version of Cisco IOS XE Software that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation. Restrict the use of PPPoE termination on IOS XE ASR1000 devices until a patch is available.