PT-2016-2270 · Cisco · Cisco IOS XE

Published 2016-06-17 · Updated 2016-06-20 · CVE-2016-1432

CVSS v2.0 6.8 Medium

Vector AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS XE versions 3.15S through 3.16S

Description

The issue is a denial of service caused by a NULL pointer dereference that leads to a card restart. It can be triggered by a crafted SNMP request. The vulnerability exists because the affected platform does not properly handle SNMP read requests for a specific object ID that the platform does not support, which leads to an attempt to reference a pointer with a NULL value. An authenticated, remote attacker can exploit this by submitting a specific, valid SNMP request, causing the supervisor card to restart and resulting in a denial of service condition.

Recommendations

Cisco has released software updates that address this vulnerability. For Cisco IOS XE versions 3.15S through 3.16S, update to a newer version that includes the fix for this issue. At the moment, there is no information about other workarounds that address this vulnerability.

Fix

DoS

Weakness Enumeration

Related identifiers

BDU:2016-01634
CVE-2016-1432

Affected products

Cisco IOS XE