PT-2015-4829 · Cisco · Cisco IOS +1

Published: 2015-04-28 · Updated: 2015-09-10 · CVE-2015-0708

CVSS v2.0: 6.1 Medium

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS versions 15.4S, 15.4SN, and 15.5S
Cisco IOS XE versions 3.13S and 3.14S

Description

The issue is due to improper handling of DHCPv6 packets for a SOLICIT message for an Identity Association for Non-Temporary Addresses (IA-NA) by a device running the affected software. An unauthenticated, adjacent attacker could exploit this by sending a crafted sequence exchange of DHCPv6 packets for a SOLICIT message for an IA-NA to an affected device, potentially causing the device to crash and resulting in a denial of service condition. To exploit this, an attacker must be on the same broadcast or collision domain as the affected device and the device must be configured for DHCPv6 server.

Recommendations

For Cisco IOS versions 15.4S, 15.4SN, and 15.5S, update to a newer version that includes the fix for this issue. For Cisco IOS XE versions 3.13S and 3.14S, update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting access to devices configured with DHCPv6 server to minimize the risk of exploitation.
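The description makes the DHCPv6 server role a precondition, so a first triage step is to find which interfaces actually run it. The following is an added example, not part of the original advisory: it assumes the role is enabled per interface with the IOS `ipv6 dhcp server <pool>` command, uses a constructed sample running-config, and the function name is hypothetical. It does not check the software release.

```python
import re

# Constructed sample running-config for illustration (not from the advisory).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ipv6 dhcp pool LAN-POOL
 address prefix 2001:DB8:10::/64
!
interface GigabitEthernet0/0/0
 ipv6 address 2001:DB8:1::1/64
!
interface GigabitEthernet0/0/1
 description user LAN
 ipv6 dhcp server LAN-POOL
!
interface GigabitEthernet0/0/2
 ipv6 dhcp server LAN-POOL
 shutdown
!
interface GigabitEthernet0/0/3
 ipv6 dhcp relay destination 2001:DB8:FF::5
!
end
"""

def dhcpv6_server_interfaces(config_text):
    """Return [(interface, pool, is_shutdown)] for interfaces acting as DHCPv6 server."""
    findings = []
    current = None  # state of the interface block being read
    # A trailing "!" guarantees the last interface block is flushed.
    for line in config_text.splitlines() + ["!"]:
        header = re.match(r"interface\s+(\S+)", line)
        if header or not line.startswith(" "):
            # Any non-indented line closes the previous interface block.
            if current and current["pool"] is not None:
                findings.append((current["name"], current["pool"], current["shutdown"]))
            current = {"name": header.group(1), "pool": None, "shutdown": False} if header else None
            continue
        if current is None:
            continue  # indented line outside an interface block (e.g. pool body)
        stmt = line.strip()
        server = re.match(r"ipv6 dhcp server\s+(\S+)", stmt)
        if server:
            current["pool"] = server.group(1)
        elif stmt == "shutdown":
            current["shutdown"] = True
    return findings

if __name__ == "__main__":
    for name, pool, shut in dhcpv6_server_interfaces(SAMPLE_CONFIG):
        print(f"{name}: DHCPv6 server (pool {pool}), {'shutdown' if shut else 'ACTIVE'}")
```

Interfaces reported as active are the ones whose attached segment falls under the access-restriction workaround until the device is upgraded; relay-only interfaces are not listed.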

Fix

DoS


Weakness Enumeration

Related Identifiers

CVE-2015-0708

Affected Products

Cisco IOS
Cisco IOS XE