CVE-2015-0709

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.5S and earlier Cisco IOS XE (affected versions not specified)

Description A denial of service issue exists due to improper processing of crafted RADIUS packets. An authenticated, remote attacker could exploit this by sending crafted packets to cause the device to crash. The attacker must authenticate to the device and may need additional information, such as the RADIUS secret and whether the device is configured with RADIUS Proxy.

Recommendations For Cisco IOS version 15.5S, update to a newer version that includes the fix for this issue. For Cisco IOS XE, update to a version that includes the software updates released by Cisco to address this issue. As a temporary workaround, consider restricting access to the RADIUS protocol on affected devices until a patch is available.