CVE-2015-0646

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 Cisco IOS XE versions 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S

Description The issue is related to a memory leak in the TCP input module, allowing a remote attacker to cause a denial of service by sending crafted TCP packets over IPv4 or IPv6. This is due to improper handling of certain crafted packet sequences used in establishing a TCP three-way handshake. An attacker could exploit this by sending a crafted sequence of TCP packets while establishing a three-way handshake, potentially causing a memory leak and eventual reload of the affected device.

Recommendations For Cisco IOS versions 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4, update to a version that includes the fix for this issue. For Cisco IOS XE versions 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S, update to version 3.10.5S or 3.12.3S, or later. As a temporary workaround, consider restricting access to the TCP input module to minimize the risk of exploitation.