CVE-2016-6386

Name of the Vulnerable Software and Affected Versions Cisco IOS XE versions 3.1 through 3.17 Cisco IOS XE version 16.1 on 64-bit platforms

Description A vulnerability in the IPv4 fragment reassembly function could allow an unauthenticated, remote attacker to cause an affected device to reload due to the corruption of an internal data structure when reassembling an IPv4 packet. An attacker could exploit this by sending crafted IPv4 fragments to an affected device, resulting in a denial of service (DoS) condition.

Recommendations For Cisco IOS XE versions 3.1 through 3.17, update to a fixed software version. For Cisco IOS XE version 16.1 on 64-bit platforms, update to a fixed software version. As a temporary workaround, consider restricting access to the IPv4 fragment reassembly function until a patch is available.