CVE-2015-0643

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 Cisco IOS XE versions 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S Cisco IOS XE versions 3.2.xE through 3.7.xE before 3.7.1E Cisco IOS XE versions 3.3.xSG, 3.4.xSG Cisco IOS XE versions 3.13.xS before 3.13.2S

Description The issue allows remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over IPv4 or IPv6. This is due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit this by sending malformed IKEv2 packets to an affected device to be processed, potentially causing a reload of the device or excessive consumption of resources leading to a denial of service condition.

Recommendations For Cisco IOS versions 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4, update to a fixed version. For Cisco IOS XE versions 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, update to version 3.12.3S or later. For Cisco IOS XE versions 3.2.xE through 3.7.xE before 3.7.1E, update to version 3.7.1E or later. For Cisco IOS XE versions 3.3.xSG, 3.4.xSG, update to a fixed version. For Cisco IOS XE versions 3.13.xS before 3.13.2S, update to version 3.13.2S or later.