CVE-2015-0645

Name of the Vulnerable Software and Affected Versions Cisco IOS XE versions 2.x through 3.15.0S, with the following specific versions being affected: versions 3.x before 3.10.4S versions 3.11 before 3.11.3S versions 3.12 before 3.12.2S versions 3.13 before 3.13.1S versions 3.14 before 3.14.0S versions 3.15 before 3.15.0S

Description The Layer 4 Redirect feature in Cisco IOS XE allows remote attackers to cause a denial of service via malformed IPv4 or IPv6 packets. Successful exploitation could trigger a reload of the forwarding plane, causing an interruption of services, and repeated exploitation could result in a sustained denial of service condition. Additionally, exploitation of the Crafted TCP Packet Remote Code Execution Vulnerability could allow an unauthenticated remote attacker to execute malicious code on the affected device.

Recommendations For versions 3.x before 3.10.4S, update to version 3.10.4S or later. For versions 3.11 before 3.11.3S, update to version 3.11.3S or later. For versions 3.12 before 3.12.2S, update to version 3.12.2S or later. For versions 3.13 before 3.13.1S, update to version 3.13.1S or later. For versions 3.14 before 3.14.0S, update to version 3.14.0S or later. For versions 3.15 before 3.15.0S, update to version 3.15.0S or later. As a temporary workaround, consider disabling the Layer 4 Redirect feature until a patch is available. Restrict access to the affected devices to minimize the risk of exploitation.