CVE-2015-6263

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.4(3)M2.2 and earlier

Description The issue is related to the RADIUS client implementation in Cisco IOS, which is affected by resource management errors. This can be exploited by a remote attacker using specially crafted RADIUS protocol messages, potentially leading to a denial of service (device reload). The vulnerability is due to improper parsing of malformed RADIUS packets returned by a RADIUS server. An attacker could exploit this by configuring a RADIUS server with a shared RADIUS secret and returning malformed answers to a RADIUS client on an affected Cisco device.

Recommendations For Cisco IOS version 15.4(3)M2.2, update to a newer version that includes the fix for this issue. At the moment, there is no information about additional mitigation measures for other affected versions.