CVE-2015-0687

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.1(2)SG4

Description A denial of service issue exists due to an unspecified condition during SNMP polling of an affected device configured for Virtual Switching System (VSS) with only one switch in the VSS cluster. This allows an authenticated, remote attacker to cause the device to crash. The attacker must authenticate to the targeted device to exploit this issue.

Recommendations For Cisco IOS version 15.1(2)SG4, update to a newer version that includes the fix for this issue, as confirmed by Cisco. As a temporary workaround, consider restricting access to SNMP polling on affected devices configured for VSS with only one switch in the VSS cluster until a patch is available.