CVE-2015-4199

Name of the Vulnerable Software and Affected Versions Cisco IOS version 15.3S

Description The issue is caused by a race condition in the IPv6-to-IPv4 functionality in the Performance Routing Engine (PRE) module. This allows remote attackers to cause a denial of service by triggering intermittent connectivity with many IPv6 CPE devices. The exploitation of this issue may result in a NULL pointer free and module crash.

Recommendations For Cisco IOS version 15.3S, consider disabling the IPv6-to-IPv4 functionality in the Performance Routing Engine (PRE) module as a temporary workaround until a patch is available. Restrict access to the PRE module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.