CVE-2014-3354

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 Cisco IOS XE versions 2.x and 3.x before 3.7.4S Cisco IOS XE versions 3.2.xSE and 3.3.xSE before 3.3.2SE Cisco IOS XE versions 3.3.xSG and 3.4.xSG before 3.4.4SG Cisco IOS XE versions 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S

Description A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability could be exploited repeatedly to cause an extended DoS condition. The issue is related to the handling of malformed RSVP packets.

Recommendations For Cisco IOS versions 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3, update to a fixed version. For Cisco IOS XE versions 2.x and 3.x, update to version 3.7.4S or later. For Cisco IOS XE versions 3.2.xSE and 3.3.xSE, update to version 3.3.2SE or later. For Cisco IOS XE versions 3.3.xSG and 3.4.xSG, update to version 3.4.4SG or later. For Cisco IOS XE versions 3.8.xS, 3.9.xS, and 3.10.xS, update to version 3.10.1S or later. As a temporary workaround, consider implementing a mitigation that blocks malformed RSVP packets.