PT-2015-1031 · Cisco · Cisco IOS
Published: 2015-03-25 · Updated: 2015-03-26
CVE-2015-0647
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco IOS versions 12.2 through 15.3
Description
The issue allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets. Successful exploitation could allow an unauthenticated, remote attacker to cause a reload of the forwarding plane, resulting in an interruption of services on an affected device. Repeated exploitation could result in a sustained DoS condition. Additionally, it could cause a memory leak on an affected device.
Recommendations
For Cisco IOS versions 12.2 through 15.3, update to a version that includes the software updates released by Cisco to address these vulnerabilities.
As a temporary workaround, consider restricting the use of the CIP feature until a patch is available.
Avoid using crafted CIP packets to minimize the risk of exploitation.
Fix
DoS
RCE
Weakness Enumeration
Related identifiers
Affected products
Cisco IOS