CVE-2015-0681

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 Cisco IOS XE versions 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S Cisco IOS XE versions 3.1.xSG, 3.2.xSG, and 3.3.xSG before 3.4.0SG Cisco IOS XE version 3.2.xSE before 3.3.0SE Cisco IOS XE version 3.2.xXO before 3.3.0XO Cisco IOS XE versions 3.2.xSQ, 3.3.xSQ, and 3.4.xSQ

Description A vulnerability in the TFTP server feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The TFTP server feature is not enabled by default. This issue is caused by improper memory management triggered by multiple requests.

Recommendations For Cisco IOS versions 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1, update to a fixed version. For Cisco IOS XE versions 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS, update to version 3.6.0S or later. For Cisco IOS XE versions 3.1.xSG, 3.2.xSG, and 3.3.xSG, update to version 3.4.0SG or later. For Cisco IOS XE version 3.2.xSE, update to version 3.3.0SE or later. For Cisco IOS XE version 3.2.xXO, update to version 3.3.0XO or later. As a temporary workaround, consider disabling the TFTP server feature until a patch is available.