CVE-2015-0638

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2, 12.4, 15.0, 15.2, and 15.3

Description The issue allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets. This is due to a failure to properly process malicious ICMP version 4 messages received on a VRF-enabled interface. An attacker could exploit this by submitting ICMPv4 messages designed to trigger the vulnerability on an affected device, leading to a queue wedge. When a wedge occurs, the affected device will stop processing any additional packets received on the wedged interface.

Recommendations For Cisco IOS versions 12.2, 12.4, 15.0, 15.2, and 15.3, update to a version that includes the fix for this issue, as software updates have been released by Cisco to address this vulnerability. At the moment, there is no information about specific workarounds that mitigate this vulnerability.