CVE-2016-1348

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.0 through 15.5 Cisco IOS XE versions 3.3 through 3.16

Description The issue is related to insufficient validation of DHCPv6 relay messages, which could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This can be achieved by sending a crafted DHCPv6 relay message to an affected device.

Recommendations For Cisco IOS versions 15.0 through 15.5, update to a version that includes the fix for this issue. For Cisco IOS XE versions 3.3 through 3.16, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the DHCPv6 relay feature until a patch is available.